Search Results (74451 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11872 | 1 Incsub | 1 Hustle | 2024-11-21 | 8.8 High |
| The Hustle (aka wordpress-popup) plugin 6.0.7 for WordPress is vulnerable to CSV Injection as it allows for injecting malicious code into a pop-up window. Successful exploitation grants an attacker the ability to execute malicious code on the administrator's computer through Excel functions, as the plugin does not sanitize the user's input and allows insertion of any text. | ||||
| CVE-2019-11868 | 1 Softether | 1 See.sys | 2024-11-21 | 7.8 High |
| See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written. | ||||
| CVE-2019-11862 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2024-11-21 | 8.1 High |
| The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying. | ||||
| CVE-2019-11855 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2024-11-21 | 8.1 High |
| An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9. | ||||
| CVE-2019-11847 | 1 Sierrawireless | 13 Airlink Es440, Airlink Es450, Airlink Gx400 and 10 more | 2024-11-21 | 7.3 High |
| An improper privilege management vulnerability exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9. An authenticated user can escalate to root via the command shell. | ||||
| CVE-2019-11829 | 1 Synology | 1 Calendar | 2024-11-21 | 7.3 High |
| OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header. | ||||
| CVE-2019-11826 | 1 Synology | 1 Moments | 2024-11-21 | 8 High |
| Relative path traversal vulnerability in SYNO.PhotoTeam.Upload.Item in Synology Moments before 1.3.0-0691 allows remote authenticated users to upload arbitrary files via the name parameter. | ||||
| CVE-2019-11823 | 1 Synology | 1 Router Manager | 2024-11-21 | 8.6 High |
| CRLF injection vulnerability in Network Center in Synology Router Manager (SRM) before 1.2.3-8017-2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | ||||
| CVE-2019-11821 | 1 Synology | 1 Photo Station | 2024-11-21 | 7.3 High |
| SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. | ||||
| CVE-2019-11816 | 2 Netgate, Opnsense | 2 Pfsense, Opnsense | 2024-11-21 | 7.2 High |
| Incorrect access control in the WebUI in OPNsense before version 19.1.8, and pfsense before 2.4.4-p3 allows remote authenticated users to escalate privileges to administrator via a specially crafted request. | ||||
| CVE-2019-11815 | 5 Canonical, Debian, Linux and 2 more | 15 Ubuntu Linux, Debian Linux, Linux Kernel and 12 more | 2024-11-21 | 8.1 High |
| An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. | ||||
| CVE-2019-11811 | 3 Linux, Opensuse, Redhat | 15 Linux Kernel, Leap, Enterprise Linux and 12 more | 2024-11-21 | 7.0 High |
| An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. | ||||
| CVE-2019-11810 | 4 Canonical, Debian, Linux and 1 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free. | ||||
| CVE-2019-11781 | 1 Odoo | 1 Odoo | 2024-11-21 | 8.8 High |
| Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation. | ||||
| CVE-2019-11780 | 1 Odoo | 1 Odoo | 2024-11-21 | 8.1 High |
| Improper access control in the computed fields system of the framework of Odoo Community 13.0 and Odoo Enterprise 13.0 allows remote authenticated attackers to access sensitive information via crafted RPC requests, which could lead to privilege escalation. | ||||
| CVE-2019-11777 | 2 Eclipse, Redhat | 2 Paho Java Client, Jboss Fuse | 2024-11-21 | 7.5 High |
| In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information. | ||||
| CVE-2019-11775 | 2 Eclipse, Redhat | 8 Openj9, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 7.4 High |
| All builds of Eclipse OpenJ9 prior to 0.15 contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems. | ||||
| CVE-2019-11774 | 1 Eclipse | 1 Omr | 2024-11-21 | 7.4 High |
| Prior to 0.1, all builds of Eclipse OMR contain a bug where the loop versioner may fail to privatize a value that is pulled out of the loop by versioning - for example if there is a condition that is moved out of the loop that reads a field we may not privatize the value of that field in the modified copy of the loop allowing the test to see one value of the field and subsequently the loop to see a modified field value without retesting the condition moved out of the loop. This can lead to a variety of different issues but read out of array bounds is one major consequence of these problems. | ||||
| CVE-2019-11773 | 1 Eclipse | 1 Omr | 2024-11-21 | 7.8 High |
| Prior to 0.1, AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | ||||
| CVE-2019-11771 | 1 Eclipse | 1 Openj9 | 2024-11-21 | 7.8 High |
| AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users. | ||||