Search Results (75741 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16318 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 8.8 High |
| In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317. | ||||
| CVE-2019-16317 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 8.8 High |
| In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerability than CVE-2019-10867 and CVE-2019-16318. | ||||
| CVE-2019-16313 | 1 Ifw8 | 10 Fr5, Fr5-e, Fr5-e Firmware and 7 more | 2024-11-21 | 7.5 High |
| ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code. | ||||
| CVE-2019-16311 | 1 Niushop | 1 Niushop | 2024-11-21 | 8.8 High |
| NIUSHOP V1.11 has CSRF via search_info to index.php. | ||||
| CVE-2019-16305 | 2 Microsoft, Mobatek | 2 Windows, Mobaxterm | 2024-11-21 | 8.8 High |
| In MobaXterm 11.1 and 12.1, the protocol handler is vulnerable to command injection. A crafted link can trigger a popup asking whether the user wants to run MobaXterm to handle the link. If accepted, another popup appears asking for further confirmation. If this is also accepted, command execution is achieved, as demonstrated by the MobaXterm://`calc` URI. | ||||
| CVE-2019-16302 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the Ethernet VPN application (org.onosproject.evpnopenflow), the host event listener does not handle the following event types: HOST_MOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16301 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual tenant network application (org.onosproject.vtn), the host event listener does not handle the following event types: HOST_MOVED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16300 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the access control application (org.onosproject.acl), the host event listener does not handle the following event types: HOST_REMOVED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16299 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the mobility application (org.onosproject.mobility), the host event listener does not handle the following event types: HOST_ADDED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16298 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the virtual broadband network gateway application (org.onosproject.virtualbng), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16297 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-11-21 | 7.5 High |
| An issue was discovered in Open Network Operating System (ONOS) 1.14. In the P4 tutorial application (org.onosproject.p4tutorial), the host event listener does not handle the following event types: HOST_MOVED, HOST_REMOVED, HOST_UPDATED. In combination with other applications, this could lead to the absence of intended code execution. | ||||
| CVE-2019-16294 | 2 Notepad-plus-plus, Scintilla | 2 Notepad++, Scintilla | 2024-11-21 | 7.8 High |
| SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. | ||||
| CVE-2019-16293 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 8.8 High |
| The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. | ||||
| CVE-2019-16288 | 1 Tenda | 2 N301, N301 Firmware | 2024-11-21 | 7.5 High |
| On Tenda N301 wireless routers, a long string in the wifiSSID parameter of a goform/setWifi POST request causes the device to crash. | ||||
| CVE-2019-16284 | 1 Hp | 204 260 G1 Dm, 260 G1 Dm Firmware, 280 Pro G1 and 201 more | 2024-11-21 | 7.2 High |
| A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250. | ||||
| CVE-2019-16281 | 1 Ptarmigan Project | 1 Ptarmigan | 2024-11-21 | 7.5 High |
| Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block. | ||||
| CVE-2019-16279 | 1 Nazgul | 1 Nostromo Nhttpd | 2024-11-21 | 7.5 High |
| A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request. | ||||
| CVE-2019-16277 | 1 Picoc Project | 1 Picoc | 2024-11-21 | 7.8 High |
| PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. | ||||
| CVE-2019-16276 | 6 Debian, Fedoraproject, Golang and 3 more | 11 Debian Linux, Fedora, Go and 8 more | 2024-11-21 | 7.5 High |
| Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | ||||
| CVE-2019-16274 | 1 Dten | 4 D5, D5 Firmware, D7 and 1 more | 2024-11-21 | 7.5 High |
| DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. | ||||