Search Results (83153 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-12898 1 Deltaww 1 Devicenet Builder 2024-11-21 N/A
Delta Electronics DeviceNet Builder 2.04 has a User Mode Write AV starting at image00400000+0x000000000017a45e.
CVE-2019-12896 1 Edrawsoft 1 Edraw Max 2024-11-21 N/A
Edraw Max 7.9.3 has Heap Corruption starting at ntdll!RtlpNtMakeTemporaryKey+0x0000000000001a77.
CVE-2019-12895 1 Alternate-tools 1 Alternate Pic View 2024-11-21 N/A
In Alternate Pic View 2.600, the Exception Handler Chain is Corrupted starting at PicViewer!PerfgrapFinalize+0x00000000000b916d.
CVE-2019-12893 1 Alternate-tools 1 Alternate Pic View 2024-11-21 N/A
Alternate Pic View 2.600 has a User Mode Write AV starting at PicViewer!PerfgrapFinalize+0x00000000000a8868.
CVE-2019-12876 1 Zohocorp 3 Manageengine Admanager Plus, Manageengine Adselfservice Plus, Manageengine Desktop Central 2024-11-21 N/A
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
CVE-2019-12863 1 Solarwinds 3 Netpath, Network Performance Monitor, Orion Platform 2024-11-21 4.8 Medium
SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.
CVE-2019-12842 1 Jetbrains 1 Teamcity 2024-11-21 N/A
A reflected XSS on a user page was detected on one of the JetBrains TeamCity pages. The issue was fixed in TeamCity 2018.2.2.
CVE-2019-12840 1 Webmin 1 Webmin 2024-11-21 N/A
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12839 1 Orangehrm 1 Orangehrm 2024-11-21 N/A
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12837 1 Gencat 1 Portal D\'acces A La Universitat 2024-11-21 4.3 Medium
The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints.
CVE-2019-12835 1 Leanify Project 1 Leanify 2024-11-21 N/A
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.
CVE-2019-12834 1 Ht2labs 1 Learning Locker 2024-11-21 N/A
In HT2 Labs Learning Locker 3.15.1, it's possible to inject malicious HTML and JavaScript code into the DOM of the website via the PATH_INFO to the dashboards/ URI.
CVE-2019-12830 1 Mybb 1 Mybb 2024-11-21 N/A
In MyBB before 1.8.21, an attacker can exploit a parsing flaw in the Private Message / Post renderer that leads to [video] BBCode persistent XSS to take over any forum account, aka a nested video MyCode issue.
CVE-2019-12829 1 Radare 1 Radare2 2024-11-21 N/A
radare2 through 3.5.1 mishandles the RParse API, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, as demonstrated by newstr buffer overflows during replace operations. This affects libr/asm/asm.c and libr/parse/parse.c.
CVE-2019-12827 1 Digium 2 Asterisk, Certified Asterisk 2024-11-21 N/A
Buffer overflow in res_pjsip_messaging in Digium Asterisk versions 13.21-cert3, 13.27.0, 15.7.2, 16.4.0 and earlier allows remote authenticated users to crash Asterisk by sending a specially crafted SIP MESSAGE message.
CVE-2019-12823 1 Craftcms 1 Craft Cms 2024-11-21 6.1 Medium
Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.
CVE-2019-12817 6 Canonical, Debian, Fedoraproject and 3 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 7.0 High
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected.
CVE-2019-12812 2 Activesoft, Microsoft 2 Mybuilder, Windows 2024-11-21 9.8 Critical
MyBuilder viewer before 6.2.2019.814 allow an attacker to execute arbitrary command via specifically crafted configuration file. This can be leveraged for code execution.
CVE-2019-12811 2 Activesoft, Microsoft 2 Mybuilder, Windows 2024-11-21 9.8 Critical
ActiveX Control in MyBuilder before 6.2.2019.814 allow an attacker to execute arbitrary command via the ShellOpen method. This can be leveraged for code execution
CVE-2019-12810 2 Estsoft, Microsoft 2 Alsee, Windows 2024-11-21 N/A
A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code.