Search Results (347323 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-10009 | 1 Southrivertech | 1 Titan Ftp Server | 2024-11-21 | N/A |
| A Directory Traversal issue was discovered in the Web GUI in Titan FTP Server 2019 Build 3505. When an authenticated user attempts to preview an uploaded file (through PreviewHandler.ashx) by using a \..\..\ technique, arbitrary files can be loaded in the server response outside the root directory. | ||||
| CVE-2019-10008 | 1 Zohocorp | 1 Servicedesk Plus | 2024-11-21 | N/A |
| Zoho ManageEngine ServiceDesk 9.3 allows session hijacking and privilege escalation because an established guest session is automatically converted into an established administrator session when the guest user enters the administrator username, with an arbitrary incorrect password, in an mc/ login attempt within a different browser tab. | ||||
| CVE-2019-1020019 | 1 Inveniosoftware | 1 Invenio-previewer | 2024-11-21 | N/A |
| invenio-previewer before 1.0.0a12 allows XSS. | ||||
| CVE-2019-1020018 | 1 Discourse | 1 Discourse | 2024-11-21 | 7.3 High |
| Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via an email link. | ||||
| CVE-2019-1020017 | 1 Discourse | 1 Discourse | 2024-11-21 | 5.3 Medium |
| Discourse before 2.3.0 and 2.4.x before 2.4.0.beta3 lacks a confirmation screen when logging in via a user-api OTP. | ||||
| CVE-2019-1020016 | 1 Ash-aio Project | 1 Ash-aio | 2024-11-21 | N/A |
| ASH-AIO before 2.0.0.3 allows an open redirect. | ||||
| CVE-2019-1020015 | 1 Hasura | 1 Graphql Engine | 2024-11-21 | N/A |
| graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT. | ||||
| CVE-2019-1020014 | 3 Canonical, Docker, Fedoraproject | 3 Ubuntu Linux, Credential Helpers, Fedora | 2024-11-21 | 5.5 Medium |
| docker-credential-helpers before 0.6.3 has a double free in the List functions. | ||||
| CVE-2019-1020013 | 1 Parseplatform | 1 Parse-server | 2024-11-21 | N/A |
| parse-server before 3.6.0 allows account enumeration. | ||||
| CVE-2019-1020012 | 1 Parseplatform | 1 Parse-server | 2024-11-21 | N/A |
| parse-server before 3.4.1 allows DoS after any POST to a volatile class. | ||||
| CVE-2019-1020011 | 1 Charcoal-se | 1 Smokedetector | 2024-11-21 | 7.2 High |
| SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority. | ||||
| CVE-2019-1020010 | 1 Misskey | 1 Misskey | 2024-11-21 | N/A |
| Misskey before 10.102.4 allows hijacking a user's token. | ||||
| CVE-2019-1020009 | 1 Kolide | 1 Fleet | 2024-11-21 | N/A |
| Fleet before 2.1.2 allows exposure of SMTP credentials. | ||||
| CVE-2019-1020008 | 1 Stacktable.js Project | 1 Stacktable.js | 2024-11-21 | N/A |
| stacktable.js before 1.0.4 allows XSS. | ||||
| CVE-2019-1020007 | 1 Owasp | 1 Dependency-track | 2024-11-21 | N/A |
| Dependency-Track before 3.5.1 allows XSS. | ||||
| CVE-2019-1020006 | 1 Inveniosoftware | 1 Invenio-app | 2024-11-21 | N/A |
| invenio-app before 1.1.1 allows host header injection. | ||||
| CVE-2019-1020005 | 1 Inveniosoftware | 1 Invenio-communities | 2024-11-21 | N/A |
| invenio-communities before 1.0.0a20 allows XSS. | ||||
| CVE-2019-1020004 | 1 Tridactyl Project | 1 Tridactyl | 2024-11-21 | N/A |
| Tridactyl before 1.16.0 allows fake key events. | ||||
| CVE-2019-1020003 | 1 Inveniosoftware | 1 Invenio-records | 2024-11-21 | N/A |
| invenio-records before 1.2.2 allows XSS. | ||||
| CVE-2019-1020002 | 1 Pterodactyl | 1 Panel | 2024-11-21 | N/A |
| Pterodactyl before 0.7.14 with 2FA allows credential sniffing. | ||||