Search Results (10045 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14812 | 3 Artifex, Fedoraproject, Redhat | 4 Ghostscript, Fedora, 3scale Amp and 1 more | 2024-11-21 | 7.8 High |
| A flaw was found in all ghostscript versions 9.x before 9.50, in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | ||||
| CVE-2019-14811 | 5 Artifex, Debian, Fedoraproject and 2 more | 7 Ghostscript, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.8 High |
| A flaw was found in ghostscript versions prior to 9.50, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands. | ||||
| CVE-2019-14763 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| In the Linux kernel before 4.16.4, a double-locking error in drivers/usb/dwc3/gadget.c may potentially cause a deadlock with f_hid. | ||||
| CVE-2019-14725 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 4.3 Medium |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to change the e-mail usage value of a victim account via an attacker account. | ||||
| CVE-2019-14724 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 7.5 High |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account. | ||||
| CVE-2019-14721 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 6.5 Medium |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to remove a target user from phpMyAdmin via an attacker account. | ||||
| CVE-2019-14693 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2024-11-21 | N/A |
| Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing license XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | ||||
| CVE-2019-14678 | 6 Hp, Ibm, Linux and 3 more | 15 Hp-ux, Aix, Z/os and 12 more | 2024-11-21 | 10.0 Critical |
| SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. | ||||
| CVE-2019-14565 | 3 Intel, Linux, Microsoft | 3 Software Guard Extensions Sdk, Linux Kernel, Windows | 2024-11-21 | 7.8 High |
| Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | ||||
| CVE-2019-14563 | 3 Debian, Redhat, Tianocore | 3 Debian Linux, Enterprise Linux, Edk2 | 2024-11-21 | 7.8 High |
| Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-14556 | 1 Intel | 55 Bios, Celeron 4205u, Celeron 4305u and 52 more | 2024-11-21 | 4.4 Medium |
| Improper initialization in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2019-14403 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 78.0.18 offers an open mail relay because of incorrect domain-redirect routing (SEC-483). | ||||
| CVE-2019-14383 | 2 Openmpt, Opensuse | 2 Libopenmpt, Leap | 2024-11-21 | 6.5 Medium |
| J2B in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | ||||
| CVE-2019-14382 | 1 Openmpt | 1 Libopenmpt | 2024-11-21 | 6.5 Medium |
| DSM in libopenmpt before 0.4.2 allows an assertion failure during file parsing with debug STLs. | ||||
| CVE-2019-14276 | 1 Xnat | 1 Xnat | 2024-11-21 | 6.5 Medium |
| WUSTL XNAT 1.7.5.3 allows XXE attacks via a POST request body. | ||||
| CVE-2019-14271 | 3 Debian, Docker, Opensuse | 3 Debian Linux, Docker, Leap | 2024-11-21 | 9.8 Critical |
| In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. | ||||
| CVE-2019-14258 | 1 Zenoss | 1 Zenoss | 2024-11-21 | N/A |
| The XML-RPC subsystem in Zenoss 2.5.3 allows XXE attacks that lead to unauthenticated information disclosure via port 9988. | ||||
| CVE-2019-14246 | 1 Centos-webpanel | 1 Centos Web Panel | 2024-11-21 | 6.5 Medium |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account. | ||||
| CVE-2019-14245 | 1 Centos-webpanel | 1 Centos Web Panel | 2024-11-21 | 6.5 Medium |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account. | ||||
| CVE-2019-14235 | 3 Djangoproject, Opensuse, Redhat | 3 Django, Leap, Openstack | 2024-11-21 | N/A |
| An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to a recursion when repercent-encoding invalid UTF-8 octet sequences. | ||||