Export limit exceeded: 74902 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74902 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19216 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 8.8 High |
| BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. | ||||
| CVE-2019-19215 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 8.8 High |
| A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server. | ||||
| CVE-2019-19209 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 7.5 High |
| Dolibarr ERP/CRM before 10.0.3 allows SQL Injection. | ||||
| CVE-2019-19207 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| rConfig 3.9.2 allows devices.php?searchColumn= SQL injection. | ||||
| CVE-2019-19204 | 4 Debian, Fedoraproject, Oniguruma Project and 1 more | 6 Debian Linux, Fedora, Oniguruma and 3 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read. | ||||
| CVE-2019-19203 | 3 Fedoraproject, Oniguruma Project, Redhat | 5 Fedora, Oniguruma, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read. | ||||
| CVE-2019-19202 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 8.8 High |
| In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to change his own role by adding roleid=H2 to a POST request. | ||||
| CVE-2019-19200 | 1 Reddoxx | 1 Maildepot | 2024-11-21 | 8.8 High |
| REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access the mailboxes of other users. | ||||
| CVE-2019-19199 | 1 Reddoxx | 1 Maildepot | 2024-11-21 | 7.4 High |
| REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout. | ||||
| CVE-2019-19197 | 1 Kyrolsecuritylabs | 1 Kyrol Internet Security | 2024-11-21 | 7.8 High |
| IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402401 using METHOD_NEITHER results in a read primitive. | ||||
| CVE-2019-19194 | 1 Telink-semi | 10 Tlsr8232, Tlsr8232 Ble Sdk, Tlsr8251 and 7 more | 2024-11-21 | 8.8 High |
| The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK. | ||||
| CVE-2019-19191 | 1 Shibboleth | 1 Service Provider | 2024-11-21 | 7.8 High |
| Shibboleth Service Provider (SP) 3.x before 3.1.0 shipped a spec file that calls chown on files in a directory controlled by the service user (the shibd account) after installation. This allows the user to escalate to root by pointing symlinks to files such as /etc/shadow. | ||||
| CVE-2019-19169 | 2 Microsoft, Raonwiz | 2 Activex, Dext5 | 2024-11-21 | 7.8 High |
| Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | ||||
| CVE-2019-19168 | 2 Microsoft, Raonwiz | 2 Activex, Dext5 | 2024-11-21 | 7.8 High |
| Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerability, which could allow remote attacker to download and execute remote arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | ||||
| CVE-2019-19167 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 7.8 High |
| Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary code execution vulnerability by using method supported by Nexacro14 ActiveX Control. It allows attacker to cause remote code execution. | ||||
| CVE-2019-19166 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 7.8 High |
| Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability that can load unauthorized DLL files. It allows attacker to cause remote code execution. | ||||
| CVE-2019-19165 | 2 Inogard, Microsoft | 4 Activex, Windows 10, Windows 7 and 1 more | 2024-11-21 | 7.2 High |
| AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10. | ||||
| CVE-2019-19164 | 2 Microsoft, Raonwiz | 2 Activex, Dext5 | 2024-11-21 | 7.8 High |
| dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection. | ||||
| CVE-2019-19163 | 1 Commax | 1 Cdp-1020mb Firmware | 2024-11-21 | 7.5 High |
| A Vulnerability in the firmware of COMMAX WallPad(CDP-1020MB) allow an unauthenticated adjacent attacker to execute arbitrary code, because of a using the old version of MySQL. | ||||
| CVE-2019-19162 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 7.8 High |
| A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it. | ||||