Export limit exceeded: 75865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75865 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18934 | 4 Fedoraproject, Nlnetlabs, Opensuse and 1 more | 4 Fedora, Unbound, Leap and 1 more | 2024-11-21 | 7.3 High |
| Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration. | ||||
| CVE-2019-18932 | 2 Opensuse, Squid Analysis Report Generator Project | 3 Backports Sle, Leap, Squid Analysis Report Generator | 2024-11-21 | 7.0 High |
| log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations. | ||||
| CVE-2019-18931 | 1 Western Digital | 2 My Cloud Ex2 Ultra, My Cloud Ex2 Ultra Firmware | 2024-11-21 | 8.8 High |
| Western Digital My Cloud EX2 Ultra firmware 2.31.195 allows a Buffer Overflow with Extended Instruction Pointer (EIP) control via crafted GET/POST parameters. | ||||
| CVE-2019-18930 | 1 Western Digital | 2 My Cloud Ex2 Ultra, My Cloud Ex2 Ultra Firmware | 2024-11-21 | 8.8 High |
| Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest account) to remotely execute arbitrary code via a stack-based buffer overflow. There is no size verification logic in one of functions in libscheddl.so, and download_mgr.cgi makes it possible to enter large-sized f_idx inputs. | ||||
| CVE-2019-18929 | 1 Western Digital | 2 My Cloud Ex2 Ultra, My Cloud Ex2 Ultra Firmware | 2024-11-21 | 8.8 High |
| Western Digital My Cloud EX2 Ultra firmware 2.31.183 allows web users (including guest accounts) to remotely execute arbitrary code via a download_mgr.cgi stack-based buffer overflow. | ||||
| CVE-2019-18922 | 1 Alliedtelesis | 2 At-gs950\/8, At-gs950\/8 Firmware | 2024-11-21 | 7.5 High |
| A Directory Traversal in the Web interface of the Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 [1.00.047] allows unauthenticated attackers to read arbitrary system files via a GET request. NOTE: This is an End-of-Life product. | ||||
| CVE-2019-18916 | 1 Hp | 10 Color Laserjet Pro Mfp M277 B3q10a, Color Laserjet Pro Mfp M277 B3q10a Firmware, Color Laserjet Pro Mfp M277 B3q10v and 7 more | 2024-11-21 | 7.8 High |
| A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client. | ||||
| CVE-2019-18915 | 1 Hp | 1 System Event Utility | 2024-11-21 | 7.8 High |
| A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service. | ||||
| CVE-2019-18912 | 1 Hp | 23 Futuresmart 4, Laserjet Enterprise Flow Mfp M527 F2a78v, Laserjet Enterprise Flow Mfp M527 F2a79a and 20 more | 2024-11-21 | 7.8 High |
| A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution. | ||||
| CVE-2019-18909 | 2 Hp, Linux | 2 Thinpro, Linux Kernel | 2024-11-21 | 8.0 High |
| The VPN software within HP ThinPro does not safely handle user supplied input, which may be leveraged by an attacker to inject commands that will execute with root privileges. | ||||
| CVE-2019-18903 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2024-11-21 | 7.5 High |
| A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62. | ||||
| CVE-2019-18902 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2024-11-21 | 7.5 High |
| A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62. | ||||
| CVE-2019-18898 | 2 Opensuse, Suse | 4 Leap, Opensuse Factory, Suse Linux Enterprise Server and 1 more | 2024-11-21 | 7.7 High |
| UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. | ||||
| CVE-2019-18897 | 2 Opensuse, Suse | 2 Leap, Linux Enterprise Server | 2024-11-21 | 8.4 High |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of salt of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Factory allows local attackers to escalate privileges from user salt to root. This issue affects: SUSE Linux Enterprise Server 12 salt-master version 2019.2.0-46.83.1 and prior versions. SUSE Linux Enterprise Server 15 salt-master version 2019.2.0-6.21.1 and prior versions. openSUSE Factory salt-master version 2019.2.2-3.1 and prior versions. | ||||
| CVE-2019-18895 | 2 Microsoft, Scanguard | 2 Windows, Scanguard Antivirus | 2024-11-21 | 7.8 High |
| Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory, leading to privilege escalation via a Trojan horse executable file. | ||||
| CVE-2019-18894 | 1 Avast | 1 Premium Security | 2024-11-21 | 7.8 High |
| In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox. | ||||
| CVE-2019-18888 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2024-11-21 | 7.5 High |
| An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. This is related to symfony/http-foundation (and symfony/mime in 4.3.x). | ||||
| CVE-2019-18887 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2024-11-21 | 8.1 High |
| An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel. | ||||
| CVE-2019-18884 | 1 Fairsketch | 1 Rise - Ultimate Project Manager | 2024-11-21 | 8.8 High |
| index.php/team_members/add_team_member in RISE Ultimate Project Manager 2.3 has CSRF for adding authorized users. | ||||
| CVE-2019-18874 | 2 Psutil Project, Redhat | 7 Psutil, Ansible Tower, Enterprise Linux and 4 more | 2024-11-21 | 7.5 High |
| psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. | ||||