Export limit exceeded: 363719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363719 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19235 | 2 Asus, Microsoft | 2 Atk Package, Windows 10 | 2024-11-21 | 7.0 High |
| AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 notebook PCs) could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name. | ||||
| CVE-2019-19234 | 2 Redhat, Sudo | 2 Enterprise Linux, Sudo | 2024-11-21 | 7.5 High |
| In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash | ||||
| CVE-2019-19232 | 2 Redhat, Sudo | 2 Enterprise Linux, Sudo | 2024-11-21 | 7.5 High |
| In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions | ||||
| CVE-2019-19231 | 2 Broadcom, Microsoft | 2 Ca Client Automation, Windows | 2024-11-21 | 7.3 High |
| An insecure file access vulnerability exists in CA Client Automation 14.0, 14.1, 14.2, and 14.3 Agent for Windows that can allow a local attacker to gain escalated privileges. | ||||
| CVE-2019-19230 | 3 Broadcom, Linux, Microsoft | 3 Nolio, Linux Kernel, Windows | 2024-11-21 | 9.8 Critical |
| An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code. | ||||
| CVE-2019-19229 | 1 Fronius | 132 Datamanager Box 2.0, Datamanager Box 2.0 Firmware, Eco 25.0-3-s and 129 more | 2024-11-21 | 6.5 Medium |
| admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal. | ||||
| CVE-2019-19228 | 1 Fronius | 132 Datamanager Box 2.0, Datamanager Box 2.0 Firmware, Eco 25.0-3-s and 129 more | 2024-11-21 | 9.8 Critical |
| Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file. | ||||
| CVE-2019-19227 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| In the AppleTalk subsystem in the Linux kernel before 5.1, there is a potential NULL pointer dereference because register_snap_client may return NULL. This will lead to denial of service in net/appletalk/aarp.c and net/appletalk/ddp.c, as demonstrated by unregister_snap_client, aka CID-9804501fa122. | ||||
| CVE-2019-19226 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-11-21 | 7.5 High |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to enable or disable MAC address filtering by submitting a crafted Forms/WlanMacFilter_1 POST request without being authenticated on the admin interface. | ||||
| CVE-2019-19225 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-11-21 | 7.5 High |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to change DNS servers without being authenticated on the admin interface by submitting a crafted Forms/dns_1 POST request. | ||||
| CVE-2019-19224 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-11-21 | 7.5 High |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to download the configuration (binary file) settings by submitting a rom-0 GET request without being authenticated on the admin interface. | ||||
| CVE-2019-19223 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-11-21 | 7.5 High |
| A Broken Access Control vulnerability in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an attacker to reboot the router by submitting a reboot.html GET request without being authenticated on the admin interface. | ||||
| CVE-2019-19222 | 1 Dlink | 2 Dsl-2680, Dsl-2680 Firmware | 2024-11-21 | 5.4 Medium |
| A Stored XSS issue in the D-Link DSL-2680 web administration interface (Firmware EU_1.03) allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wireless_autonetwork_1 POST request. | ||||
| CVE-2019-19221 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.5 Medium |
| In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive. | ||||
| CVE-2019-19220 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 8.8 High |
| BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2). | ||||
| CVE-2019-19219 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 7.5 High |
| BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download. | ||||
| CVE-2019-19218 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 7.5 High |
| BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. | ||||
| CVE-2019-19217 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 8.8 High |
| BMC Control-M/Agent 7.0.00.000 allows OS Command Injection. | ||||
| CVE-2019-19216 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 8.8 High |
| BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. | ||||
| CVE-2019-19215 | 1 Bmcsoftware | 1 Control-m\/agent | 2024-11-21 | 8.8 High |
| A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server. | ||||