Export limit exceeded: 347479 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 79420 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79420 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5137 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 7.5 High |
| The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. | ||||
| CVE-2019-5136 | 1 Moxa | 2 Awk-3131a, Awk-3131a Firmware | 2024-11-21 | 8.8 High |
| An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | ||||
| CVE-2019-5134 | 1 Wago | 4 Pfc100, Pfc100 Firmware, Pfc200 and 1 more | 2024-11-21 | 7.5 High |
| An exploitable regular expression without anchors vulnerability exists in the Web-Based Management (WBM) authentication functionality of WAGO PFC200 versions 03.00.39(12) and 03.01.07(13), and WAGO PFC100 version 03.00.39(12). A specially crafted authentication request can bypass regular expression filters, resulting in sensitive information disclosure. | ||||
| CVE-2019-5133 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 8.8 High |
| An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll BMP parser of the ImageGear 19.3.0 library. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | ||||
| CVE-2019-5132 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 8.8 High |
| An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll GEM Raster parser of the Accusoft ImageGear 19.3.0 library. A specially crafted GEM file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | ||||
| CVE-2019-5131 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 8.8 High |
| An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
| CVE-2019-5130 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 8.8 High |
| An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
| CVE-2019-5126 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 8.8 High |
| An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
| CVE-2019-5125 | 1 Leadtools | 1 Leadtools | 2024-11-21 | 7.8 High |
| An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability. | ||||
| CVE-2019-5124 | 2 Amd, Vmware | 2 Atidxx64, Workstation | 2024-11-21 | 8.6 High |
| An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host. | ||||
| CVE-2019-5123 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 8.8 High |
| Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php. | ||||
| CVE-2019-5122 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php. | ||||
| CVE-2019-5121 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter uuid in /objects/pluginSwitch.json.php | ||||
| CVE-2019-5120 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system. | ||||
| CVE-2019-5119 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configurations, access the underlying operating system. | ||||
| CVE-2019-5117 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 8.8 High |
| Exploitable SQL injection vulnerabilities exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. | ||||
| CVE-2019-5116 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 8.8 High |
| An exploitable SQL injection vulnerability exists in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause a SQL injection. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and in certain configuration, access the underlying operating system. | ||||
| CVE-2019-5112 | 1 Formalms | 1 Formalms | 2024-11-21 | 8.8 High |
| Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_status was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | ||||
| CVE-2019-5111 | 1 Formalms | 1 Formalms | 2024-11-21 | 8.8 High |
| Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filter_cat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | ||||
| CVE-2019-5110 | 1 Formalms | 1 Formalms | 2024-11-21 | 8.8 High |
| Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing exfiltration of the database, user credentials and, in certain configurations, access the underlying operating system. | ||||