Export limit exceeded: 363851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363851 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19412 | 1 Huawei | 56 Alp-al00b, Alp-al00b Firmware, Alp-l09 and 53 more | 2024-11-21 | 4.6 Medium |
| Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en. | ||||
| CVE-2019-19411 | 1 Huawei | 2 Usg9500, Usg9500 Firmware | 2024-11-21 | 3.7 Low |
| USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished. | ||||
| CVE-2019-19398 | 1 Huawei | 2 M5 Lite 10, M5 Lite 10 Firmware | 2024-11-21 | 9.8 Critical |
| M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may lead to malicious code execution. | ||||
| CVE-2019-19397 | 1 Huawei | 14 S12700, S12700 Firmware, S1700 and 11 more | 2024-11-21 | 7.5 High |
| There is a weak algorithm vulnerability in some Huawei products. The affected products use weak algorithms by default. Attackers may exploit the vulnerability to cause information leaks. | ||||
| CVE-2019-19396 | 1 Omniosce | 1 Omnios | 2024-11-21 | 7.5 High |
| illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences. | ||||
| CVE-2019-19394 | 1 Northern.tech | 1 Cfengine | 2024-11-21 | 6.1 Medium |
| Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x before 3.12.3, 3.13.x, and 3.14.x allows XSS. This is fixed in 3.10.7, 3.12.3, and 3.15.0. | ||||
| CVE-2019-19393 | 1 Rittal | 2 Cmc Pu Iii 7030.000, Cmc Pu Iii 7030.000 Firmware | 2024-11-21 | 6.1 Medium |
| The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session. | ||||
| CVE-2019-19392 | 1 Fordnn | 1 Usersexportimport | 2024-11-21 | 9.8 Critical |
| The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles="Administrators" in XML or CSV data. | ||||
| CVE-2019-19390 | 1 Matrix42 | 1 Workspace Management | 2024-11-21 | 5.4 Medium |
| The Search parameter of the Software Catalogue section of Matrix42 Workspace Management 9.1.2.2765 and below accepts unfiltered parameters that lead to multiple reflected XSS issues. | ||||
| CVE-2019-19389 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 5.4 Medium |
| JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting. | ||||
| CVE-2019-19388 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter. | ||||
| CVE-2019-19387 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter. | ||||
| CVE-2019-19386 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter. | ||||
| CVE-2019-19385 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter. | ||||
| CVE-2019-19384 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter. | ||||
| CVE-2019-19383 | 1 Freeftpd | 1 Freeftpd | 2024-11-21 | 8.8 High |
| freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled). | ||||
| CVE-2019-19382 | 1 Maxpcsecure | 1 Anti Virus Plus | 2024-11-21 | 7.8 High |
| Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the installation directory. Local attackers can replace a .exe or .dll file to achieve privilege escalation. | ||||
| CVE-2019-19381 | 1 Abacus | 1 Abacus | 2024-11-21 | 6.1 Medium |
| oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 before prior to R4 (20.11.2019 Hotfix) allows Reflected Cross Site Scripting (XSS) via an error message. | ||||
| CVE-2019-19379 | 1 Misp | 1 Misp | 2024-11-21 | 5.3 Medium |
| In app/Controller/TagsController.php in MISP 2.4.118, users can bypass intended restrictions on tagging data. | ||||
| CVE-2019-19377 | 2 Linux, Netapp | 5 Linux Kernel, Active Iq Unified Manager, Cloud Backup and 2 more | 2024-11-21 | 7.8 High |
| In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | ||||