Vulnerabilities (CVE)

Filter

127277 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-15537 2019-08-23 N/A
The proxystatistics module before 3.1.0 for SimpleSAMLphp allows SQL Injection in lib/Auth/Process/DatabaseCommand.php.
CVE-2019-1580 2019-08-23 N/A
Memory corruption in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to craft a message to Secure Shell Daemon (SSHD) and corrupt arbitrary memory.
CVE-2019-1581 2019-08-23 N/A
Mitigation bypass in PAN-OS 7.1.24 and earlier, PAN-OS 8.0.19 and earlier, PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow a remote, unauthenticated user to execute arbitrary code by crafting a malicious message.
CVE-2019-1582 2019-08-23 N/A
Memory corruption in PAN-OS 8.1.9 and earlier, and PAN-OS 9.0.3 and earlier will allow an administrative user to cause arbitrary memory corruption by rekeying the current client interactive session.
CVE-2019-1583 2019-08-23 N/A
Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. Active interaction with an affected...
CVE-2018-12426 1 Wp-livechat 1 Live Chat Support 2019-08-23 7.5
The WP Live Chat Support Pro plugin before 8.0.07 for WordPress is vulnerable to unauthenticated Remote Code Execution due to client-side validation of allowed file types, as demonstrated by a v1/remote_upload request with a .php filename and the...
CVE-2019-10746 2019-08-23 N/A
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVE-2019-10747 2019-08-23 N/A
set-value is vulnerable to Prototype Pollution in versions before 2.0.1 and version 3.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.
CVE-2019-10750 2019-08-23 N/A
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using using a _proto_ payload.
CVE-2019-10751 2019-08-23 N/A
All versions of the HTTPie package are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a...
CVE-2019-13013 2019-08-23 N/A
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their privileged helper tool. The privileged helper tool implements an XPC interface which is available to any process and allows directory listings and...
CVE-2019-13014 2019-08-23 N/A
Little Snitch versions 4.4.0 fixes a vulnerability in a privileged helper tool. However, the operating system may have made a copy of the privileged helper which is not removed or updated immediately. Computers may therefore still be vulnerable...
CVE-2019-15516 2019-08-23 N/A
Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring.
CVE-2019-15517 2019-08-23 N/A
jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal.
CVE-2019-15518 2019-08-23 N/A
Swoole before 4.2.13 allows directory traversal in swPort_http_static_handler.
CVE-2019-15519 2019-08-23 N/A
Power-Response before 2019-02-02 allows directory traversal (up to the application's main directory) via a plugin.
CVE-2019-15520 2019-08-23 N/A
comelz Quark before 2019-03-26 allows directory traversal to locations outside of the project directory.
CVE-2019-15525 2019-08-23 N/A
There is Missing SSL Certificate Validation in the pw3270 terminal emulator before version 5.1.
CVE-2019-15526 2019-08-23 N/A
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Type field to SetWanSettings, a related issue to CVE-2019-13482.
CVE-2019-15527 2019-08-23 N/A
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.