Search Results (75809 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16917 | 1 Wikidsystems | 1 Two Factor Authentication Enterprise Server | 2024-11-21 | 8.8 High |
| WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function. | ||||
| CVE-2019-16913 | 1 Pcprotect | 1 Antivirus | 2024-11-21 | 7.8 High |
| PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\PCProtect with very weak folder permissions, granting any user full permission "Everyone: (F)" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to "NT AUTHORITY\SYSTEM" by substituting the service's binary with a Trojan horse. | ||||
| CVE-2019-16906 | 1 Infosysta | 1 In-app & Desktop Notifications | 2024-11-21 | 7.5 High |
| An issue was discovered in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These notifications are then no longer displayed to the normal user. | ||||
| CVE-2019-16902 | 1 Reputeinfosystems | 1 Arforms | 2024-11-21 | 7.5 High |
| In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an arbitrary file by supplying the full pathname. | ||||
| CVE-2019-16901 | 1 Advantech | 1 Webaccess/hmi Designer | 2024-11-21 | 7.5 High |
| Advantech WebAccess/HMI Designer 2.1.9.31 has Exception Handler Chain corruption starting at Unknown Symbol @ 0x0000000000000000 called from ntdll!RtlRaiseStatus+0x00000000000000b4. | ||||
| CVE-2019-16900 | 1 Advantech | 1 Webaccess/hmi Designer | 2024-11-21 | 7.5 High |
| Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | ||||
| CVE-2019-16899 | 1 Advantech | 1 Webaccess/hmi Designer | 2024-11-21 | 7.5 High |
| In Advantech WebAccess/HMI Designer 2.1.9.31, Data from a Faulting Address controls Code Flow starting at PM_V3!CTagInfoThreadBase::GetNICInfo+0x0000000000512918. | ||||
| CVE-2019-16896 | 1 K7computing | 1 K7 Ultimate Security | 2024-11-21 | 7.8 High |
| In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link attack with file restoration functionality. | ||||
| CVE-2019-16893 | 1 Tp-link | 2 Tp-sg105e, Tp-sg105e Firmware | 2024-11-21 | 7.5 High |
| The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. | ||||
| CVE-2019-16889 | 1 Ui | 24 Ep-r6, Ep-r6 Firmware, Ep-r8 and 21 more | 2024-11-21 | 7.5 High |
| Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. | ||||
| CVE-2019-16887 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. | ||||
| CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 12 Ubuntu Linux, Docker, Fedora and 9 more | 2024-11-21 | 7.5 High |
| runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | ||||
| CVE-2019-16882 | 1 String-interner Project | 1 String-interner | 2024-11-21 | 7.5 High |
| An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. | ||||
| CVE-2019-16877 | 1 Portainer | 1 Portainer | 2024-11-21 | 8.8 High |
| Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | ||||
| CVE-2019-16876 | 1 Portainer | 1 Portainer | 2024-11-21 | 7.5 High |
| Portainer before 1.22.1 allows Directory Traversal. | ||||
| CVE-2019-16866 | 2 Canonical, Nlnetlabs | 2 Ubuntu Linux, Unbound | 2024-11-21 | 7.5 High |
| Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. | ||||
| CVE-2019-16865 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. | ||||
| CVE-2019-16864 | 2 Enterprisedt, Microsoft | 2 Completeftp Server, Windows | 2024-11-21 | 8.8 High |
| CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM. | ||||
| CVE-2019-16861 | 2 Code42, Microsoft | 2 Code42, Windows | 2024-11-21 | 7.3 High |
| Code42 server through 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local server could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local server. | ||||
| CVE-2019-16860 | 2 Code42, Microsoft | 2 Code42, Windows | 2024-11-21 | 7.3 High |
| Code42 app through version 7.0.2 for Windows has an Untrusted Search Path. In certain situations, a non-administrative attacker on the local machine could create or modify a dynamic-link library (DLL). The Code42 service could then load it at runtime, and potentially execute arbitrary code at an elevated privilege on the local machine. | ||||