Export limit exceeded: 74609 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74609 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14788 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 8.8 High |
| wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. | ||||
| CVE-2019-14768 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 8.8 High |
| An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges. | ||||
| CVE-2019-14767 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 7.5 High |
| In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server. | ||||
| CVE-2019-14765 | 1 Dimo-crm | 1 Yellowbox Crm | 2024-11-21 | 8.8 High |
| Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers. | ||||
| CVE-2019-14753 | 1 Sick | 4 Fx0-gent00000, Fx0-gent00000 Firmware, Fx0-gpnt00000 and 1 more | 2024-11-21 | 7.5 High |
| SICK FX0-GPNT00000 and FX0-GENT00000 devices through 3.4.0 have a Buffer Overflow | ||||
| CVE-2019-14745 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.8 High |
| In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables. | ||||
| CVE-2019-14744 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 7.8 High |
| In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. | ||||
| CVE-2019-14737 | 1 Ubisoft | 1 Uplay | 2024-11-21 | 7.8 High |
| Ubisoft Uplay 92.0.0.6280 has Insecure Permissions. | ||||
| CVE-2019-14734 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::load() in mtk.cpp. | ||||
| CVE-2019-14733 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::load() in rad.cpp. | ||||
| CVE-2019-14732 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::load() in a2m.cpp. | ||||
| CVE-2019-14724 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 7.5 High |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. | ||||
| CVE-2019-14719 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 7.8 High |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | ||||
| CVE-2019-14717 | 1 Verifone | 2 Verix Os, Vx520 | 2024-11-21 | 7.8 High |
| Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. | ||||
| CVE-2019-14712 | 1 Verifone | 2 Verix Os, Vx520 | 2024-11-21 | 7.8 High |
| Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation. | ||||
| CVE-2019-14711 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2024-11-21 | 7.0 High |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. | ||||
| CVE-2019-14692 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in mkj.cpp. | ||||
| CVE-2019-14691 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in dtm.cpp. | ||||
| CVE-2019-14690 | 2 Adplug Project, Fedoraproject | 2 Adplug, Fedora | 2024-11-21 | 8.8 High |
| AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_convert_stream() in bmf.cpp. | ||||
| CVE-2019-14688 | 2 Microsoft, Trendmicro | 9 Windows, Control Manager, Endpoint Sensor and 6 more | 2024-11-21 | 7.0 High |
| Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial product installation by an authorized user. The attacker must convince the target to download malicious DLL locally which must be present when the installer is run. | ||||