Vulnerabilities (CVE)

74125 total CVE
CVE Vendors Products Updated CVSS
CVE-2010-5336 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
CVE-2019-17450 1 Gnu 1 Binutils 2019-10-15 4.3
find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file.
CVE-2015-9477 1 Vernissage Project 1 Vernissage 2019-10-15 6.5
The Vernissage theme 1.2.8 for WordPress has insufficient restrictions on option updates.
CVE-2018-16202 1 Ionicframework 2 Cordova-plugin-ionic-webview, Ionic Web View 2019-10-15 5.0
Directory traversal vulnerability in cordova-plugin-ionic-webview versions prior to 2.2.0 (not including 2.0.0-beta.0, 2.0.0-beta.1, 2.0.0-beta.2, and 2.1.0-0) allows remote attackers to access arbitrary files via unspecified vectors.
CVE-2015-9472 1 Monitorbacklinks 1 Incoming Links 2019-10-15 4.3
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.
CVE-2019-17496 1 Craftcms 1 Craft Cms 2019-10-15 4.3
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
CVE-2015-9480 1 Robot-cpa 1 Robotcpa 2019-10-15 5.0
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
CVE-2018-9062 2019-10-15 7.2
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code.
CVE-2019-3652 1 Mcafee 1 Endpoint Security 2019-10-15 4.6
Code Injection vulnerability in EPSetup.exe in McAfee Endpoint Security (ENS) Prior to 10.6.1 October 2019 Update allows local user to get their malicious code installed by the ENS installer via code injection into EPSetup.exe by an attacker with...
CVE-2019-11528 1 Softing 1 Uagate Si Firmware 2019-10-15 5.0
An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.
CVE-2019-1314 1 Microsoft 1 Windows 10 Mobile 2019-10-15 4.6
A security feature bypass vulnerability exists in Windows 10 Mobile when Cortana allows a user to access files and folders through the locked screen, aka 'Windows 10 Mobile Security Feature Bypass Vulnerability'.
CVE-2019-17494 1 Laravel-bjyblog Project 1 Laravel-bjyblog 2019-10-15 4.3
laravel-bjyblog 6.1.1 has XSS via a crafted URL.
CVE-2019-17352 1 Jfinal 1 Jfinal 2019-10-15 5.0
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion...
CVE-2019-11077 1 Fastadmin 1 Fastadmin 2019-10-15 6.8
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI.
CVE-2019-13529 1 Sma 1 Sunny Webbox Firmware 2019-10-15 6.8
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to...
CVE-2019-1362 1 Microsoft 2 Windows 7, Windows Server 2008 2019-10-15 7.2
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364.
CVE-2019-1364 1 Microsoft 2 Windows 7, Windows Server 2008 2019-10-15 7.2
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.
CVE-2019-1166 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 4.3
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.
CVE-2015-9478 2019-10-15 4.3
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.
CVE-2019-17353 1 Dlink 1 Dir-615 Firmware 2019-10-15 6.4
An issue was discovered on D-Link DIR-615 devices with firmware versions 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to...