Search Results (75733 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15916 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. | ||||
| CVE-2019-15915 | 1 Mi | 8 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 5 more | 2024-11-21 | 7.5 High |
| An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. | ||||
| CVE-2019-15914 | 1 Mi | 10 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 7 more | 2024-11-21 | 7.5 High |
| An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform multiple denial of service attacks. | ||||
| CVE-2019-15912 | 1 Asus | 14 As-101, As-101 Firmware, Dl-101 and 11 more | 2024-11-21 | 7.5 High |
| An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform multiple denial of service attacks. | ||||
| CVE-2019-15910 | 1 Asus | 14 As-101, As-101 Firmware, Dl-101 and 11 more | 2024-11-21 | 7.5 High |
| An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. | ||||
| CVE-2019-15901 | 2 Doas Project, Linux | 2 Doas, Linux Kernel | 2024-11-21 | 8.8 High |
| An issue was discovered in slicer69 doas before 6.2 on certain platforms other than OpenBSD. A setusercontext(3) call with flags to change the UID, primary GID, and secondary GIDs was replaced (on certain platforms: Linux and possibly NetBSD) with a single setuid(2) call. This resulted in neither changing the group id nor initializing secondary group ids. | ||||
| CVE-2019-15895 | 1 Search Exclude Project | 1 Search Exclude | 2024-11-21 | 7.5 High |
| search-exclude.php in the "Search Exclude" plugin before 1.2.4 for WordPress allows unauthenticated options changes. | ||||
| CVE-2019-15893 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 7.2 High |
| Sonatype Nexus Repository Manager 2.x before 2.14.15 allows Remote Code Execution. | ||||
| CVE-2019-15890 | 3 Libslirp Project, Qemu, Redhat | 5 Libslirp, Qemu, Advanced Virtualization and 2 more | 2024-11-21 | 7.5 High |
| libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. | ||||
| CVE-2019-15879 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.4 High |
| In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process to overwrite arbitrary kernel memory. | ||||
| CVE-2019-15878 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.8 High |
| In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key. | ||||
| CVE-2019-15862 | 1 Cksource | 1 Ckfinder | 2024-11-21 | 7.5 High |
| An issue was discovered in CKFinder through 2.6.2.1. Improper checks of file names allow remote attackers to upload files without any extension (even if the application was configured to accept files only with a defined set of extensions). This affects CKFinder for ASP, CKFinder for ASP.NET, CKFinder for ColdFusion, and CKFinder for PHP. | ||||
| CVE-2019-15858 | 1 Webcraftic | 1 Woody Ad Snippets | 2024-11-21 | 8.8 High |
| admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution. | ||||
| CVE-2019-15854 | 1 Maarch | 1 Maarch Rm | 2024-11-21 | 8.8 High |
| An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource. | ||||
| CVE-2019-15850 | 1 Eq-3 | 2 Homematic Ccu3, Homematic Ccu3 Firmware | 2024-11-21 | 8.8 High |
| eQ-3 HomeMatic CCU3 firmware version 3.41.11 allows Remote Code Execution in the ReGa.runScript method. An authenticated attacker can easily execute code and compromise the system. | ||||
| CVE-2019-15849 | 1 Eq-3 | 2 Homematic Ccu3, Homematic Ccu3 Firmware | 2024-11-21 | 7.3 High |
| eQ-3 HomeMatic CCU3 firmware 3.41.11 allows session fixation. An attacker can create session IDs and send them to the victim. After the victim logs in to the session, the attacker can use that session. The attacker could create SSH logins after a valid session and easily compromise the system. | ||||
| CVE-2019-15847 | 3 Gnu, Opensuse, Redhat | 4 Gcc, Leap, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example, within a single execution of a program, the output of every __builtin_darn() call may be the same. | ||||
| CVE-2019-15843 | 1 Mi | 1 Xiaomi Millet Firmware | 2024-11-21 | 7.4 High |
| A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing. | ||||
| CVE-2019-15813 | 1 Sentrifugo | 1 Sentrifugo | 2024-11-21 | 8.8 High |
| Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell. | ||||
| CVE-2019-15804 | 1 Zyxel | 18 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 15 more | 2024-11-21 | 7.5 High |
| An issue was discovered on Zyxel GS1900 devices with firmware before 2.50(AAHH.0)C0. By sending a signal to the CLI process, undocumented functionality is triggered. Specifically, a menu can be triggered by sending the SIGQUIT signal to the CLI application (e.g., through CTRL+\ via SSH). The access control check for this menu does work and prohibits accessing the menu, which contains "Password recovery for specific user" options. The menu is believed to be accessible using a serial console. | ||||