Vulnerabilities (CVE)

130145 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17352 1 Jfinal 1 Jfinal 2019-10-15 5.0
In JFinal cos before 2019-08-13, as used in JFinal 4.4, there is a vulnerability that can bypass the isSafeFile() function: one can upload any type of file. For example, a .jsp file may be stored and almost immediately deleted, but this deletion...
CVE-2019-11077 1 Fastadmin 1 Fastadmin 2019-10-15 6.8
FastAdmin V1.0.0.20190111_beta has a CSRF vulnerability to add a new admin user via the admin/auth/admin/add?dialog=1 URI.
CVE-2019-11526 1 Softing 1 Uagate Si Firmware 2019-10-15 10.0
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script that is executable via sudo is vulnerable to file path injection. This enables an attacker to write files with superuser privileges in specific locations.
CVE-2019-12944 2019-10-15 N/A
Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the network connection is unavailable.
CVE-2019-17195 2019-10-15 N/A
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
CVE-2019-13529 1 Sma 1 Sunny Webbox Firmware 2019-10-15 6.8
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to...
CVE-2019-1362 1 Microsoft 2 Windows 7, Windows Server 2008 2019-10-15 7.2
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1364.
CVE-2019-1364 1 Microsoft 2 Windows 7, Windows Server 2008 2019-10-15 7.2
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.
CVE-2019-1166 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 4.3
A tampering vulnerability exists in Microsoft Windows when a man-in-the-middle attacker is able to successfully bypass the NTLM MIC (Message Integrity Check) protection, aka 'Windows NTLM Tampering Vulnerability'.
CVE-2019-17354 1 Zyxel 1 Nbg-418n V2 Firmware 2019-10-15 7.5
wan.htm page on Zyxel NBG-418N v2 with firmware version V1.00(AARP.9)C0 can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to modify data fields of the page.
CVE-2015-9478 2019-10-15 4.3
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.
CVE-2019-17353 1 Dlink 1 Dir-615 Firmware 2019-10-15 6.4
An issue was discovered on D-Link DIR-615 devices with firmware versions 20.05 and 20.07. wan.htm can be accessed directly without authentication, which can lead to disclosure of information about the WAN, and can also be leveraged by an attacker to...
CVE-2019-17362 2 Libtom, Debian 2 Libtomcrypt, Debian Linux 2019-10-15 6.4
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read...
CVE-2019-3689 1 Linux-nfs 1 Nfs-utils 2019-10-15 10.0
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This...
CVE-2019-1321 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-15 7.2
An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'.
CVE-2019-3980 1 Solarwinds 1 Dameware Mini Remote Control Firmware 2019-10-15 10.0
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login...
CVE-2019-0381 1 Sap 3 Dynamic Tier, Sap Iq, Sql Anywhere 2019-10-15 2.1
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP Dynamic Tier, before versions 1.0 and 2.0, can result in the inadvertent access of files located in directories outside of the paths specified by the user.
CVE-2019-17432 1 Fastadmin 1 Fastadmin 2019-10-15 4.3
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter.
CVE-2019-5699 1 Nvidia 1 Shield Experience 2019-10-15 7.2
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution....
CVE-2019-5700 1 Nvidia 1 Shield Experience 2019-10-15 7.2
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges,...