Export limit exceeded: 337687 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 75802 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75802 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16775 | 5 Fedoraproject, Npmjs, Opensuse and 2 more | 8 Fedora, Npm, Leap and 5 more | 2024-11-21 | 7.7 High |
| Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a user's system when the package is installed. This behavior is still possible through install scripts. This vulnerability bypasses a user using the --ignore-scripts install option. | ||||
| CVE-2019-16766 | 1 Labdigital | 1 Wagtail-2fa | 2024-11-21 | 8.7 High |
| When using wagtail-2fa before 1.3.0, if someone gains access to someone's Wagtail login credentials, they can log into the CMS and bypass the 2FA check by changing the URL. They can then add a new device and gain full access to the CMS. This problem has been patched in version 1.3.0. | ||||
| CVE-2019-16765 | 1 Microsoft | 1 Codeql | 2024-11-21 | 7.4 High |
| If an attacker can get a user to open a specially prepared directory tree as a workspace in Visual Studio Code with the CodeQL extension active, arbitrary code of the attacker's choosing may be executed on the user's behalf. This is fixed in version 1.0.1 of the extension. Users should upgrade to this version using Visual Studio Code Marketplace's upgrade mechanism. After upgrading, the codeQL.cli.executablePath setting can only be set in the per-user settings, and not in the per-workspace settings. More information about VS Code settings can be found here. | ||||
| CVE-2019-16758 | 1 Lexmark | 2 Services Monitor, Services Monitor Firmware | 2024-11-21 | 7.5 High |
| In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system. | ||||
| CVE-2019-16754 | 1 Riot-os | 1 Riot | 2024-11-21 | 7.5 High |
| RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation (asymcute), potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message and the ephemeral port used by RIOT's MQTT implementation. Additionally, the server IP address is required for spoofing the packet. | ||||
| CVE-2019-16753 | 2 Decentralized Anonymous Payment System Project, Pivx | 2 Decentralized Anonymous Payment System, Private Instant Verified Transactions | 2024-11-21 | 7.5 High |
| An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. The content to be signed is composed of a representation of strings, rather than being composed of their binary representations. This is a weak signature scheme design that would allow the reuse of signatures in some cases (or even the reuse of signatures, intended for one type of message, for another type). This also affects Private Instant Verified Transactions (PIVX) through 3.4.0. | ||||
| CVE-2019-16747 | 1 Matrixssl | 1 Matrixssl | 2024-11-21 | 7.5 High |
| In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431. | ||||
| CVE-2019-16745 | 1 Ebrigade | 1 Ebrigade | 2024-11-21 | 8.8 High |
| eBrigade before 5.0 has evenement_choice.php chxCal SQL Injection. | ||||
| CVE-2019-16744 | 1 Ebrigade | 1 Ebrigade | 2024-11-21 | 8.8 High |
| eBrigade before 5.0 has evenements.php cid SQL Injection. | ||||
| CVE-2019-16743 | 1 Ebrigade | 1 Ebrigade | 2024-11-21 | 8.8 High |
| eBrigade before 5.0 has evenement_ical.php evenement SQL Injection. | ||||
| CVE-2019-16732 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2024-11-21 | 8.1 High |
| Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user. | ||||
| CVE-2019-16731 | 2 Petwant, Skymee | 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more | 2024-11-21 | 7.5 High |
| The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings. | ||||
| CVE-2019-16729 | 3 Canonical, Debian, Pam-python Project | 3 Ubuntu Linux, Debian Linux, Pam-python | 2024-11-21 | 7.8 High |
| pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups. | ||||
| CVE-2019-16720 | 1 Zzzcms | 1 Zzzphp | 2024-11-21 | 7.5 High |
| ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | ||||
| CVE-2019-16718 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables. | ||||
| CVE-2019-16714 | 3 Canonical, F5, Linux | 3 Ubuntu Linux, Traffix Signaling Delivery Controller, Linux Kernel | 2024-11-21 | 7.5 High |
| In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized. | ||||
| CVE-2019-16706 | 1 Kkcms Project | 1 Kkcms | 2024-11-21 | 8.8 High |
| kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php. | ||||
| CVE-2019-16701 | 1 Netgate | 1 Pfsense | 2024-11-21 | 8.8 High |
| pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value. | ||||
| CVE-2019-16682 | 1 Url Redirect Project | 1 Url Redirect | 2024-11-21 | 7.3 High |
| The url_redirect (aka URL redirect) extension through 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection. | ||||
| CVE-2019-16675 | 1 Phoenixcontact | 3 Config\+, Pc Worx, Pc Worx Express | 2024-11-21 | 7.8 High |
| An issue was discovered in PHOENIX CONTACT PC Worx through 1.86, PC Worx Express through 1.86, and Config+ through 1.86. A manipulated PC Worx or Config+ project file could lead to an Out-of-bounds Read and remote code execution. The attacker needs to get access to an original PC Worx or Config+ project to be able to manipulate data inside. After manipulation, the attacker needs to exchange the original files with the manipulated ones on the application programming workstation. | ||||