Export limit exceeded: 74899 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74899 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18909 | 2 Hp, Linux | 2 Thinpro, Linux Kernel | 2024-11-21 | 8.0 High |
| The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. | ||||
| CVE-2019-18903 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2024-11-21 | 7.5 High |
| A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62. | ||||
| CVE-2019-18902 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2024-11-21 | 7.5 High |
| A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62. | ||||
| CVE-2019-18898 | 2 Opensuse, Suse | 4 Leap, Opensuse Factory, Suse Linux Enterprise Server and 1 more | 2024-11-21 | 7.7 High |
| UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. | ||||
| CVE-2019-18897 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2024-11-21 | 8.4 High |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions. | ||||
| CVE-2019-18895 | 2 Microsoft, Scanguard | 2 Windows, Scanguard Antivirus | 2024-11-21 | 7.8 High |
| Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | ||||
| CVE-2019-18894 | 1 Avast | 1 Premium Security | 2024-11-21 | 7.8 High |
| In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox. | ||||
| CVE-2019-18888 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2024-11-21 | 7.5 High |
| An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x). | ||||
| CVE-2019-18887 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2024-11-21 | 8.1 High |
| An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel. | ||||
| CVE-2019-18884 | 1 Fairsketch | 1 Rise - Ultimate Project Manager | 2024-11-21 | 8.8 High |
| index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. | ||||
| CVE-2019-18874 | 2 Psutil Project, Redhat | 7 Psutil, Ansible Tower, Enterprise Linux and 4 more | 2024-11-21 | 7.5 High |
| psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | ||||
| CVE-2019-18872 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 7.5 High |
| Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set short or guessable passwords (e.g., 1 or 1234). | ||||
| CVE-2019-18871 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 8.8 High |
| A path traversal in debug.php accessed via default.php in Blaauw Remote Kiln Control through v3.00r4 allows an authenticated attacker to upload arbitrary files, leading to arbitrary remote code execution. | ||||
| CVE-2019-18867 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 7.5 High |
| Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/. | ||||
| CVE-2019-18866 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 7.5 High |
| Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database. | ||||
| CVE-2019-18864 | 1 Blaauwproducts | 1 Remote Kiln Control | 2024-11-21 | 7.5 High |
| /server-info and /server-status in Blaauw Remote Kiln Control through v3.00r4 allow an unauthenticated attacker to gain sensitive information about the host machine. | ||||
| CVE-2019-18862 | 1 Gnu | 1 Mailutils | 2024-11-21 | 7.8 High |
| maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode. | ||||
| CVE-2019-18857 | 1 Svg-sanitizer Project | 1 Svg-sanitizer | 2024-11-21 | 7.5 High |
| darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. | ||||
| CVE-2019-18856 | 1 Drupal | 1 Svg Sanitizer | 2024-11-21 | 7.5 High |
| A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled. | ||||
| CVE-2019-18855 | 1 10up | 1 Safe Svg | 2024-11-21 | 7.5 High |
| A Denial Of Service vulnerability exists in the safe-svg (aka Safe SVG) plugin through 1.9.4 for WordPress, related to potentially unwanted elements or attributes. | ||||