Search Results (34647 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17230 | 1 Mageewp | 1 Onetone | 2024-11-21 | 5.3 Medium |
| includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes. | ||||
| CVE-2019-17201 | 1 Fasttracksoftware | 1 Admin By Request | 2024-11-21 | 7.8 High |
| FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions. | ||||
| CVE-2019-17184 | 1 Xerox | 11 Atlalink B8045, Atlalink B8055, Atlalink B8065 and 8 more | 2024-11-21 | 9.8 Critical |
| Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C8070 printers with software before 101.00x.089.22600 allow an attacker to gain privileges. | ||||
| CVE-2019-17087 | 1 Microfocus | 1 Acutoweb | 2024-11-21 | 7.5 High |
| Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under. | ||||
| CVE-2019-17075 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.5 High |
| An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. | ||||
| CVE-2019-17063 | 1 Snowtide | 1 Pdfxstream | 2024-11-21 | 5.5 Medium |
| In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling. | ||||
| CVE-2019-17019 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | 8.8 High |
| When Python was installed on Windows, a python file being served with the MIME type of text/plain could be executed by Python instead of being opened as a text file when the Open option was selected upon download. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 72. | ||||
| CVE-2019-17009 | 3 Microsoft, Mozilla, Opensuse | 5 Windows, Firefox, Firefox Esr and 2 more | 2024-11-21 | 7.8 High |
| When running, the updater service wrote status and log files to an unrestricted location; potentially allowing an unprivileged process to locate and exploit a vulnerability in file handling in the updater service. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. | ||||
| CVE-2019-17002 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 Medium |
| If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70. | ||||
| CVE-2019-16922 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.3 Medium |
| SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files. | ||||
| CVE-2019-16910 | 3 Arm, Debian, Fedoraproject | 4 Mbed Crypto, Mbed Tls, Debian Linux and 1 more | 2024-11-21 | 5.3 Medium |
| Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) | ||||
| CVE-2019-16900 | 1 Advantech | 1 Webaccess/hmi Designer | 2024-11-21 | 7.5 High |
| Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | ||||
| CVE-2019-16899 | 1 Advantech | 1 Webaccess/hmi Designer | 2024-11-21 | 7.5 High |
| In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | ||||
| CVE-2019-16892 | 3 Fedoraproject, Redhat, Rubyzip Project | 4 Fedora, Cloudforms, Cloudforms Managementengine and 1 more | 2024-11-21 | 5.5 Medium |
| In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP entry sizes because data about the uncompressed size can be spoofed. This allows attackers to cause a denial of service (disk consumption). | ||||
| CVE-2019-16877 | 1 Portainer | 1 Portainer | 2024-11-21 | 8.8 High |
| Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | ||||
| CVE-2019-16874 | 1 Portainer | 1 Portainer | 2024-11-21 | 6.5 Medium |
| Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). | ||||
| CVE-2019-16872 | 1 Portainer | 1 Portainer | 2024-11-21 | 9.9 Critical |
| Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). | ||||
| CVE-2019-16767 | 1 Inist | 1 Ezmaster | 2024-11-21 | 6.6 Medium |
| The admin sys mode is now conditional and dedicated for the special case. By default, since ezmaster@5.2.11 no instance (container) is launched with advanced capabilities (not launched as root) | ||||
| CVE-2019-16766 | 1 Labdigital | 1 Wagtail-2fa | 2024-11-21 | 8.7 High |
| When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0. | ||||
| CVE-2019-16765 | 1 Microsoft | 1 Codeql | 2024-11-21 | 7.4 High |
| If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace's upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here. | ||||