Export limit exceeded: 34838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (34838 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18368 | 1 Jetbrains | 1 Toolbox | 2024-11-21 | 7.3 High |
| In JetBrains Toolbox App before 1.15.5666 for Windows, privilege escalation was possible. | ||||
| CVE-2019-18365 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 Medium |
| In JetBrains TeamCity before 2019.1.4, reverse tabnabbing was possible on several pages. | ||||
| CVE-2019-18363 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.3 Medium |
| In JetBrains TeamCity before 2019.1.2, access could be gained to the history of builds of a deleted build configuration under some circumstances. | ||||
| CVE-2019-18362 | 1 Jetbrains | 1 Mps | 2024-11-21 | 5.3 Medium |
| JetBrains MPS before 2019.2.2 exposed listening ports to the network. | ||||
| CVE-2019-18361 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 5.3 Medium |
| JetBrains IntelliJ IDEA before 2019.2 allows local user privilege escalation, potentially leading to arbitrary code execution. | ||||
| CVE-2019-18360 | 1 Jetbrains | 1 Hub | 2024-11-21 | 5.3 Medium |
| In JetBrains Hub versions earlier than 2019.1.11738, username enumeration was possible through password recovery. | ||||
| CVE-2019-18352 | 1 Phoenixcontact | 4 Fl Nat 2208, Fl Nat 2208 Firmware, Fl Nat 2304-2gc-2sfp and 1 more | 2024-11-21 | 8.2 High |
| Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices before V2.90 and FL NAT 2304-2GC-2SFP devices before V2.90 when using MAC-based port security. | ||||
| CVE-2019-18349 | 1 Hotkeyp Project | 1 Hotkeyp | 2024-11-21 | 9.8 Critical |
| HotkeyP through 4.9 r96 allows privilege escalation in the privilege function in Commands.cpp. | ||||
| CVE-2019-18279 | 1 Phoenix | 1 Securecore Technology | 2024-11-21 | 8.8 High |
| In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019. | ||||
| CVE-2019-18278 | 2 Microsoft, Videolan | 2 Windows, Vlc Media Player | 2024-11-21 | 7.8 High |
| When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no way of reproducing this issue. | ||||
| CVE-2019-18251 | 2 Omron, Teamviewer | 2 Cx-supervisor, Teamviewer | 2024-11-21 | 8.8 High |
| In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit. | ||||
| CVE-2019-18242 | 1 Moxa | 40 Iologik 2512, Iologik 2512-hspa, Iologik 2512-hspa-t and 37 more | 2024-11-21 | 7.5 High |
| In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, frequent and multiple requests for short-term use may cause the web server to fail. | ||||
| CVE-2019-18225 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain appliance administrative access. These products formerly used the NetScaler brand name. | ||||
| CVE-2019-18216 | 1 Asus | 2 Rog Zephyrus M Gm501gs, Rog Zephyrus M Gm501gs Firmware | 2024-11-21 | 6.8 Medium |
| The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access can exhaust the main battery to reset the BIOS configuration, and then achieve direct access to the hard drive by booting a live USB OS without disassembling the laptop. NOTE: the vendor has apparently indicated that this is "normal" and use of the same battery for the BIOS and the overall system is a "new design." However, the vendor apparently plans to "improve" this an unspecified later time | ||||
| CVE-2019-18202 | 1 Wago | 3 Pfc100, Pfc200, Pfc Firmware | 2024-11-21 | 5.3 Medium |
| Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests. | ||||
| CVE-2019-18200 | 1 Fujitsu | 2 Lx390, Lx390 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack of proper encryption of 2.4 GHz communication, they are prone to keystroke injection attacks. | ||||
| CVE-2019-18195 | 1 Terra-master | 2 F2-210, F2-210 Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on TerraMaster FS-210 4.0.19 devices. Normal users can use 1.user.php for privilege elevation. | ||||
| CVE-2019-18194 | 1 Totalav | 1 Totalav 2020 | 2024-11-21 | 7.8 High |
| TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder. | ||||
| CVE-2019-18181 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | 7.8 High |
| In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train allows users with read-only permissions to bypass permissions for restricted functionality via CVP API calls through the Configlet Builder modules. This vulnerability can potentially enable authenticated users with read-only access to take actions that are otherwise restricted in the GUI. | ||||
| CVE-2019-18179 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.12, and Community Edition 5.0.x through 5.0.38 and 6.0.x through 6.0.23. An attacker who is logged into OTRS as an agent is able to list tickets assigned to other agents, even tickets in a queue where the attacker doesn't have permissions. | ||||