Search Results (75572 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12817 | 6 Canonical, Debian, Fedoraproject and 3 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2024-11-21 | 7.0 High |
| arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | ||||
| CVE-2019-12809 | 1 Yes24 | 1 Viewer Activex | 2024-11-21 | 8.8 High |
| Yes24ViewerX ActiveX Control 1.0.327.50126 and earlier versions contain a vulnerability that could allow remote attackers to download and execute arbitrary files by setting the arguments to the ActiveX method. This can be leveraged for code execution. | ||||
| CVE-2019-12808 | 1 Estsoft | 1 Altools | 2024-11-21 | 7.8 High |
| ALTOOLS update service 18.1 and earlier versions contain a local privilege escalation vulnerability due to insecure permissions. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges. | ||||
| CVE-2019-12807 | 2 Estsoft, Microsoft | 2 Alzip, Windows | 2024-11-21 | 7.8 High |
| Alzip 10.83 and earlier versions contain a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of a crafted ISO archive file. By persuading a victim to open a specially crafted ISO archive file, an attacker could execute arbitrary code. | ||||
| CVE-2019-12806 | 2 Crosscert, Microsoft | 2 Unisign, Windows | 2024-11-21 | 8.8 High |
| UniSign 2.0.4.0 and earlier versions contain a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. This allows a remote attacker to execute arbitrary code via crafted HTTPS packets. | ||||
| CVE-2019-12805 | 1 Ncsoft | 1 Nc Launcher2 | 2024-11-21 | 8.8 High |
| NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow a remote attacker to execute an arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user. | ||||
| CVE-2019-12802 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.8 High |
| In radare2 through 3.5.1, the rcc_context function of libr/egg/egg_lang.c mishandles changing context. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact (invalid memory access in r_egg_lang_parsechar; invalid free in rcc_pusharg). | ||||
| CVE-2019-12799 | 1 Shopware | 1 Shopware | 2024-11-21 | 8.8 High |
| In createInstanceFromNamedArguments in Shopware through 5.6.x, a crafted web request can trigger a PHP object instantiation vulnerability, which can result in an arbitrary deserialization if the right class is instantiated. An attacker can leverage this deserialization to achieve remote code execution. NOTE: this issue is a bypass for a CVE-2017-18357 whitelist patch. | ||||
| CVE-2019-12788 | 1 Photodex | 1 Proshow Producer | 2024-11-21 | 7.8 High |
| An issue was discovered in Photodex ProShow Producer v9.0.3797 (an application that runs with Administrator privileges). It is possible to perform a buffer overflow via a crafted file. | ||||
| CVE-2019-12787 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key. | ||||
| CVE-2019-12786 | 1 Dlink | 2 Dir-818lw, Dir-818lw Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key. | ||||
| CVE-2019-12784 | 1 Verint | 1 Impact 360 | 2024-11-21 | 8.8 High |
| An issue was discovered in Verint Impact 360 15.1. At wfo/control/signin, the login form can accept submissions from external websites. In conjunction with CVE-2019-12783, this can be used by attackers to "crowdsource" bruteforce login attempts on the target site, allowing them to guess and potentially compromise valid credentials without ever sending any traffic from their own machine to the target site. | ||||
| CVE-2019-12769 | 1 Solarwinds | 1 Serv-u Managed File Transfer | 2024-11-21 | 8.8 High |
| SolarWinds Serv-U Managed File Transfer (MFT) Web client before 15.1.6 Hotfix 2 is vulnerable to Cross-Site Request Forgery in the file upload functionality via ?Command=Upload with the Dir and File parameters. | ||||
| CVE-2019-12759 | 1 Symantec | 2 Endpoint Protection Manager, Mail Security | 2024-11-21 | 7.8 High |
| Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2019-12757 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 7.8 High |
| Symantec Endpoint Protection (SEP), prior to 14.2 RU2 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition (SEP SBE) prior to 12.1 RU6 MP10d (12.1.7510.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2019-12747 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 8.8 High |
| TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. | ||||
| CVE-2019-12734 | 1 Sitevision | 1 Sitevision | 2024-11-21 | 8.8 High |
| SiteVision 4 has Incorrect Access Control. | ||||
| CVE-2019-12733 | 1 Sitevision | 1 Sitevision | 2024-11-21 | 8.8 High |
| SiteVision 4 allows Remote Code Execution. | ||||
| CVE-2019-12728 | 1 Grails | 1 Grails | 2024-11-21 | 8.1 High |
| Grails before 3.3.10 used cleartext HTTP to resolve the SDKMan notification service. NOTE: users' apps were not resolving dependencies over cleartext HTTP. | ||||
| CVE-2019-12720 | 1 Auo | 1 Sunveillance Monitoring System & Data Recorder | 2024-11-21 | 7.5 High |
| AUO SunVeillance Monitoring System before v1.1.9e is vulnerable to SQL injection via the MailAdd parameter of mvc_send_mail.aspx. An attacker can send a SQL injection payload to the server, allowing the attacker to read privileged data. This also affects the picture_manage_mvc.aspx plant_no parameter, the swapdl_mvc.aspx plant_no parameter, and the account_management.aspx Text_Postal_Code and Text_Dis_Code parameters. | ||||