Export limit exceeded: 367189 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 87079 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (87079 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19538 | 1 Sangoma | 1 Freepbx | 2024-11-21 | 7.2 High |
| In Sangoma FreePBX 13 through 15 and sysadmin (aka System Admin) 13.0.92 through 15.0.13.6 modules have a Remote Command Execution vulnerability that results in Privilege Escalation. | ||||
| CVE-2019-19522 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.8 High |
| OpenBSD 6.6, in a non-default configuration where S/Key or YubiKey authentication is enabled, allows local users to become root by leveraging membership in the auth group. This occurs because root's file can be written to /etc/skey or /var/db/yubikey, and need not be owned by root. | ||||
| CVE-2019-19520 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.8 High |
| xlock in OpenBSD 6.6 allows local users to gain the privileges of the auth group by providing a LIBGL_DRIVERS_PATH environment variable, because xenocara/lib/mesa/src/loader/loader.c mishandles dlopen. | ||||
| CVE-2019-19519 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.8 High |
| In OpenBSD 6.6, local users can use the su -L option to achieve any login class (often excluding root) because there is a logic error in the main function in su/su.c. | ||||
| CVE-2019-19517 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2024-11-21 | 8.8 High |
| Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process. | ||||
| CVE-2019-19509 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| An issue was discovered in rConfig 3.9.3. A remote authenticated user can directly execute system commands by sending a GET request to ajaxArchiveFiles.php because the path parameter is passed to the exec function without filtering, which can lead to command execution. | ||||
| CVE-2019-19506 | 1 Tendacn | 2 Pa6, Pa6 Firmware | 2024-11-21 | 7.5 High |
| Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a denial of service, caused by an error in the "homeplugd" process. By sending a specially crafted UDP packet, an attacker could exploit this vulnerability to cause the device to reboot. | ||||
| CVE-2019-19505 | 1 Tendacn | 2 Pa6, Pa6 Firmware | 2024-11-21 | 8.8 High |
| Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. | ||||
| CVE-2019-19501 | 1 Idrix | 1 Veracrypt | 2024-11-21 | 7.8 High |
| VeraCrypt 1.24 allows Local Privilege Escalation during execution of VeraCryptExpander.exe. | ||||
| CVE-2019-19494 | 4 Compal, Netgear, Sagemcom and 1 more | 14 7284e, 7284e Firmware, 7486e and 11 more | 2024-11-21 | 8.8 High |
| Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11. | ||||
| CVE-2019-19490 | 1 Litemanager | 1 Litemanager | 2024-11-21 | 7.3 High |
| LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe. | ||||
| CVE-2019-19487 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| Command Injection in minPlayCommand.php in Centreon (19.04.4 and below) allows an attacker to achieve command injection via a plugin test. | ||||
| CVE-2019-19475 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in “Authenticated Users” group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system. | ||||
| CVE-2019-19470 | 1 Tinywall | 1 Tinywall | 2024-11-21 | 7.8 High |
| Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13. | ||||
| CVE-2019-19469 | 1 Zmanda | 1 Amanda | 2024-11-21 | 8.8 High |
| In Zmanda Management Console 3.3.9, ZMC_Admin_Advanced?form=adminTasks&action=Apply&command= allows CSRF, as demonstrated by command injection with shell metacharacters. This may depend on weak default credentials. | ||||
| CVE-2019-19468 | 1 10-strike | 1 Free Photo Viewer | 2024-11-21 | 7.8 High |
| Free Photo Viewer 1.3 allows remote attackers to execute arbitrary code via a crafted BMP and/or TIFF file that triggers a malformed SEH, as demonstrated by a 0012ECB4 FreePhot.00425642 42200008 corrupt entry. | ||||
| CVE-2019-19458 | 1 Saltosystem | 1 Proaccess Space | 2024-11-21 | 8.6 High |
| SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature. | ||||
| CVE-2019-19455 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 7.8 High |
| Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in / usr / local / WowzaStreamingEngine / manager / bin / in the Linux version of the server by writing arbitrary commands in any file and execute them as root. This issue was resolved in Wowza Streaming Engine 4.8.5. | ||||
| CVE-2019-19454 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 7.5 High |
| An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x. This issue was resolved in Wowza Streaming Engine 4.8.0. | ||||
| CVE-2019-19452 | 1 Patriotmemory | 1 Viper Rgb Driver | 2024-11-21 | 7.8 High |
| A buffer overflow was found in Patriot Viper RGB through 1.1 when processing IoControlCode 0x80102040. Local attackers (including low integrity processes) can exploit this to gain NT AUTHORITY\SYSTEM privileges. | ||||