Export limit exceeded: 75844 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75844 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17513 | 1 Ratpack Project | 1 Ratpack | 2024-11-21 | 7.5 High |
| An issue was discovered in Ratpack before 1.7.5. Due to a misuse of the Netty library class DefaultHttpHeaders, there is no validation that headers lack HTTP control characters. Thus, if untrusted data is used to construct HTTP headers with Ratpack, HTTP Response Splitting can occur. | ||||
| CVE-2019-17511 | 1 Dlink | 2 Dir-412, Dir-412 Firmware | 2024-11-21 | 7.5 High |
| There are some web interfaces without authentication requirements on D-Link DIR-412 A1-1.14WW routers. An attacker can get the router's log file via log_get.php, which could be used to discover the intranet network structure. | ||||
| CVE-2019-17507 | 1 Dlink | 2 Dir-816 A1, Dir-816 A1 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp. | ||||
| CVE-2019-17505 | 1 Dlink | 2 Dap-1320 A2, Dap-1320 A2 Firmware | 2024-11-21 | 7.5 High |
| D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplink_info.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack. | ||||
| CVE-2019-17502 | 1 Hydra Project | 1 Hydra | 2024-11-21 | 7.5 High |
| Hydra through 0.1.8 has a NULL pointer dereference and daemon crash when processing POST requests that lack a Content-Length header. read.c, request.c, and util.c contribute to this. The process_header_end() function calls boa_atoi(), which ultimately calls atoi() on a NULL pointer. | ||||
| CVE-2019-17501 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen). CVE-2019-17501 and CVE-2019-16405 are similar to one another and may be the same. | ||||
| CVE-2019-17499 | 1 Compal | 2 Ch7465lg, Ch7465lg Firmware | 2024-11-21 | 8.8 High |
| The setter.xml component of the Common Gateway Interface on Compal CH7465LG 6.12.18.25-2p4 devices does not properly validate ping command arguments, which allows remote authenticated users to execute OS commands as root via shell metacharacters in the Target_IP parameter. | ||||
| CVE-2019-17498 | 6 Debian, Fedoraproject, Libssh2 and 3 more | 13 Debian Linux, Fedora, Libssh2 and 10 more | 2024-11-21 | 8.1 High |
| In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. | ||||
| CVE-2019-17490 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 8.8 High |
| app\modules\polygon\controllers\ProblemController in Jiangnan Online Judge (aka jnoj) 0.8.0 allows arbitrary file upload, as demonstrated by PHP code (with a .php filename but the image/png content type) to the web/polygon/problem/tests URI. | ||||
| CVE-2019-17446 | 2 Eracent, Linux | 2 Epa Agent, Linux Kernel | 2024-11-21 | 7.8 High |
| An issue was discovered in Eracent EPA Agent through 10.2.26. The agent executable, when installed for non-root operations (scanning), can be used to start external programs with elevated permissions because of an Untrusted Search Path. | ||||
| CVE-2019-17437 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.8 High |
| An improper authentication check in Palo Alto Networks PAN-OS may allow an authenticated low privileged non-superuser custom role user to elevate privileges and become superuser. This issue affects PAN-OS 7.1 versions prior to 7.1.25; 8.0 versions prior to 8.0.20; 8.1 versions prior to 8.1.11; 9.0 versions prior to 9.0.5. PAN-OS version 7.0 and prior EOL versions have not been evaluated for this issue. | ||||
| CVE-2019-17436 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | 7.1 High |
| A Local Privilege Escalation vulnerability exists in GlobalProtect Agent for Linux and Mac OS X version 5.0.4 and earlier and version 4.1.12 and earlier, that can allow non-root users to overwrite root files on the file system. | ||||
| CVE-2019-17431 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 8.8 High |
| An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability. | ||||
| CVE-2019-17424 | 1 Nipper-ng Project | 1 Nipper-ng | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow in the processPrivilage() function in IOS/process-general.c in nipper-ng 0.11.10 allows remote attackers (serving firewall configuration files) to achieve Remote Code Execution or Denial Of Service via a crafted file. | ||||
| CVE-2019-17421 | 1 Zohocorp | 2 Manageengine Firewall Analyzer, Manageengine Opmanager | 2024-11-21 | 7.8 High |
| Incorrect file permissions on the packaged Nipper executable file in Zoho ManageEngine OpManager 12.4.072 and Firewall Analyzer 12.4.072 allow local users to elevate privileges to root by overwriting this file with a malicious payload. | ||||
| CVE-2019-17419 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.2 High |
| An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=user&c=admin_user&a=doGetUserInfo id parameter. | ||||
| CVE-2019-17418 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 7.2 High |
| An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997. | ||||
| CVE-2019-17414 | 1 Vino Project | 1 Vino | 2024-11-21 | 7.5 High |
| tinylcy Vino through 2017-12-15 allows remote attackers to cause a denial of service ("vn_get_string error: Resource temporarily unavailable" error and daemon crash) via a long URL. | ||||
| CVE-2019-17403 | 1 Nokia | 1 Impact | 2024-11-21 | 8.8 High |
| Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. | ||||
| CVE-2019-17400 | 2 Redhat, Universal Office Converter Project | 2 Enterprise Linux, Universal Office Converter | 2024-11-21 | 7.5 High |
| The unoconv package before 0.9 mishandles untrusted pathnames, leading to SSRF and local file inclusion. | ||||