Export limit exceeded: 75888 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 75888 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75888 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15079 | 1 Eai Project | 1 Eai | 2024-11-21 | 7.5 High |
| A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free. | ||||
| CVE-2019-15078 | 1 Xbornid | 1 Xbornid | 2024-11-21 | 7.5 High |
| An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free. | ||||
| CVE-2019-15075 | 1 Inextrix | 1 Astpp | 2024-11-21 | 7.5 High |
| An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. | ||||
| CVE-2019-15059 | 1 Lispbx Project | 1 Lispbx | 2024-11-21 | 7.5 High |
| In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwords. | ||||
| CVE-2019-15051 | 1 Softing | 6 Uagate 840d, Uagate 840d Firmware, Uagate Mb and 3 more | 2024-11-21 | 8.8 High |
| An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter. | ||||
| CVE-2019-15046 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 7.5 High |
| Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. | ||||
| CVE-2019-15042 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. | ||||
| CVE-2019-15040 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 8.8 High |
| JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | ||||
| CVE-2019-15038 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1. | ||||
| CVE-2019-15036 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.2 High |
| An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Project administrator could execute any command on the server machine. The issue was fixed in TeamCity 2018.2.5 and 2019.1. | ||||
| CVE-2019-15033 | 1 Pydio | 1 Pydio | 2024-11-21 | 7.7 High |
| Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring. | ||||
| CVE-2019-15023 | 1 Zingbox | 1 Inspector | 2024-11-21 | 7.5 High |
| A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that results in passwords for 3rd party integrations being stored in cleartext in device configuration. | ||||
| CVE-2019-15022 | 1 Zingbox | 1 Inspector | 2024-11-21 | 7.5 High |
| A security vulnerability exists in Zingbox Inspector versions 1.294 and earlier, that allows for the Inspector to be susceptible to ARP spoofing. | ||||
| CVE-2019-15018 | 1 Zingbox | 1 Inspector | 2024-11-21 | 7.5 High |
| A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant. | ||||
| CVE-2019-15017 | 1 Zingbox | 1 Inspector | 2024-11-21 | 8.4 High |
| The SSH service is enabled on the Zingbox Inspector versions 1.294 and earlier, exposing SSH to the local network. When combined with PAN-SA-2019-0027, this can allow an attacker to authenticate to the service using hardcoded credentials. | ||||
| CVE-2019-15016 | 1 Zingbox | 1 Inspector | 2024-11-21 | 8.8 High |
| An SQL injection vulnerability exists in the management interface of Zingbox Inspector versions 1.288 and earlier, that allows for unsanitized data provided by an authenticated user to be passed from the web UI into the database. | ||||
| CVE-2019-15015 | 1 Zingbox | 1 Inspector | 2024-11-21 | 8.4 High |
| In the Zingbox Inspector, versions 1.294 and earlier, hardcoded credentials for root and inspector user accounts are present in the system software, which can result in unauthorized users gaining access to the system. | ||||
| CVE-2019-15014 | 1 Zingbox | 1 Inspector | 2024-11-21 | 8.8 High |
| A command injection vulnerability exists in the Zingbox Inspector versions 1.286 and earlier, that allows for an authenticated user to execute arbitrary system commands in the CLI. | ||||
| CVE-2019-15012 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | 8.8 High |
| Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance. | ||||
| CVE-2019-15010 | 1 Atlassian | 1 Bitbucket | 2024-11-21 | 8.8 High |
| Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance. | ||||