Search Results (75900 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19796 | 1 Yabasic | 1 Yabasic | 2024-11-21 | 7.8 High |
| Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file. | ||||
| CVE-2019-19795 | 1 Samurai Project | 1 Samurai | 2024-11-21 | 7.8 High |
| samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file. | ||||
| CVE-2019-19793 | 2 Cyxtera, Microsoft | 2 Appgate Sdp, Windows | 2024-11-21 | 8.8 High |
| In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges. | ||||
| CVE-2019-19787 | 2 Atasm Project, Fedoraproject | 2 Atasm, Fedora | 2024-11-21 | 7.8 High |
| ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. | ||||
| CVE-2019-19786 | 2 Atasm Project, Fedoraproject | 2 Atasm, Fedora | 2024-11-21 | 7.8 High |
| ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. | ||||
| CVE-2019-19785 | 2 Atasm Project, Fedoraproject | 2 Atasm, Fedora | 2024-11-21 | 7.8 High |
| ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file. | ||||
| CVE-2019-19778 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 8.8 High |
| An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c. | ||||
| CVE-2019-19777 | 2 Libsixel Project, Nothings | 2 Libsixel, Stb Image.h | 2024-11-21 | 8.8 High |
| stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. | ||||
| CVE-2019-19774 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-11-21 | 8.8 High |
| An issue was discovered in Zoho ManageEngine EventLog Analyzer 10.0 SP1 before Build 12110. By running "select hostdetails from hostdetails" at the /event/runquery.do endpoint, it is possible to bypass the security restrictions that prevent even administrative users from viewing credential data stored in the database, and recover the MD5 hashes of the accounts used to authenticate the ManageEngine platform to the managed machines on the network (most often administrative accounts). Specifically, this bypasses these restrictions: a query cannot mention password, and a query result cannot have a password column. | ||||
| CVE-2019-19771 | 1 Lodahs Project | 1 Lodahs | 2024-11-21 | 8.8 High |
| The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets. | ||||
| CVE-2019-19770 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 8.2 High |
| In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs; instead, this is an issue with misuse of debugfs within blktrace. | ||||
| CVE-2019-19768 | 2 Linux, Redhat | 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more | 2024-11-21 | 7.5 High |
| In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer). | ||||
| CVE-2019-19766 | 1 Bitwarden | 1 Server | 2024-11-21 | 7.5 High |
| The Bitwarden server through 1.32.0 has a potentially unwanted KDF. | ||||
| CVE-2019-19756 | 1 Lenovo | 1 Xclarity Administrator | 2024-11-21 | 7.9 High |
| An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. | ||||
| CVE-2019-19745 | 1 Contao | 1 Contao | 2024-11-21 | 8.8 High |
| Contao 4.0 through 4.8.5 allows PHP local file inclusion. A back end user with access to the form generator can upload arbitrary files and execute them on the server. | ||||
| CVE-2019-19741 | 1 Ea | 1 Origin | 2024-11-21 | 7.8 High |
| Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. When Origin.exe connects to the named pipe OriginClientService, the privileged service verifies the client's executable file instead of its in-memory process (which can be significantly different from the executable file due to, for example, DLL injection). Data transmitted over the pipe is encrypted using a static key. Instead of hooking the pipe communication directly via WriteFileEx(), this can be bypassed by hooking the EVP_EncryptUpdate() function of libeay32.dll. The pipe takes the command CreateDirectory to create a directory and adjust the directory DACL. Calls to this function can be intercepted, the directory and the DACL can be replaced, and the manipulated DACL is written. Arbitrary DACL write is further achieved by creating a hardlink in a user-controlled directory that points to (for example) a service binary. The DACL is then written to this service binary, which results in escalation of privileges. | ||||
| CVE-2019-19739 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 7.5 High |
| MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels. | ||||
| CVE-2019-19737 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 8.8 High |
| MFScripts YetiShare 3.5.2 through 4.5.3 does not set the SameSite flag on session cookies, allowing the cookie to be sent in cross-site requests and potentially be used in cross-site request forgery attacks. | ||||
| CVE-2019-19734 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 8.8 High |
| _account_move_file_in_folder.ajax.php in MFScripts YetiShare 3.5.2 directly inserts values from the fileIds parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | ||||
| CVE-2019-19732 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 7.2 High |
| translation_manage_text.ajax.php and various *_manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir_0 and/or sSortDir_0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from the database, aka SQL Injection. | ||||