Export limit exceeded: 365359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365359 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9217 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. Its User Interface has a Misrepresentation of Critical Information. | ||||
| CVE-2019-9215 | 3 Debian, Live555, Opensuse | 4 Debian Linux, Streaming Media, Backports Sle and 1 more | 2024-11-21 | 9.8 Critical |
| In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function. | ||||
| CVE-2019-9214 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation. | ||||
| CVE-2019-9213 | 5 Canonical, Debian, Linux and 2 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-11-21 | 5.5 Medium |
| In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. | ||||
| CVE-2019-9212 | 1 Antfin | 1 Sofa-hessian | 2024-11-21 | N/A |
| SOFA-Hessian through 4.0.2 allows remote attackers to execute arbitrary commands via a crafted serialized Hessian object because blacklisting of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString is mishandled, related to Resin Gadget. NOTE: The vendor doesn’t consider this issue a vulnerability because the blacklist is being misused. SOFA Hessian supports custom blacklist and a disclaimer was posted encouraging users to update the blacklist or to use the whitelist feature for their specific needs since the blacklist is not being actively updated | ||||
| CVE-2019-9211 | 3 Fedoraproject, Gnu, Suse | 4 Fedora, Pspp, Backports and 1 more | 2024-11-21 | N/A |
| There is a reachable assertion abort in the function write_long_string_missing_values() in data/sys-file-writer.c in libdata.a in GNU PSPP 1.2.0 that will lead to denial of service. | ||||
| CVE-2019-9210 | 5 Advancemame, Canonical, Debian and 2 more | 5 Advancecomp, Ubuntu Linux, Debian Linux and 2 more | 2024-11-21 | 7.8 High |
| In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) | ||||
| CVE-2019-9209 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 5.5 Medium |
| In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. | ||||
| CVE-2019-9208 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2024-11-21 | N/A |
| In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. | ||||
| CVE-2019-9207 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 6.1 Medium |
| PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued. | ||||
| CVE-2019-9206 | 1 Paessler | 1 Prtg Network Monitor | 2024-11-21 | 6.1 Medium |
| PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued. | ||||
| CVE-2019-9204 | 1 Nagios | 1 Incident Manager | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Nagios IM (component of Nagios XI) before 2.2.7 allows attackers to execute arbitrary SQL commands. | ||||
| CVE-2019-9203 | 1 Nagios | 1 Incident Manager | 2024-11-21 | 9.8 Critical |
| Authorization bypass in Nagios IM (component of Nagios XI) before 2.2.7 allows closing incidents in IM via the API. | ||||
| CVE-2019-9202 | 1 Nagios | 1 Incident Manager | 2024-11-21 | 8.8 High |
| Nagios IM (component of Nagios XI) before 2.2.7 allows authenticated users to execute arbitrary code via API key issues. | ||||
| CVE-2019-9200 | 4 Canonical, Debian, Freedesktop and 1 more | 4 Ubuntu Linux, Debian Linux, Poppler and 1 more | 2024-11-21 | N/A |
| A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2019-9199 | 2 Fedoraproject, Podofo Project | 2 Fedora, Podofo | 2024-11-21 | N/A |
| PoDoFo::Impose::PdfTranslator::setSource() in pdftranslator.cpp in PoDoFo 0.9.6 has a NULL pointer dereference that can (for example) be triggered by sending a crafted PDF file to the podofoimpose binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2019-9197 | 2 Microsoft, Unity3d | 2 Windows, Unity Editor | 2024-11-21 | 8.8 High |
| The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code. | ||||
| CVE-2019-9196 | 1 Aware | 1 Knomi | 2024-11-21 | N/A |
| The Face authentication component in Aware mobile liveness 2.2.1 sdk 2.2.0 for Knomi allows a Biometrical Liveness authentication bypass via parameter tampering of the /knomi/analyze security_level field. | ||||
| CVE-2019-9195 | 1 Grin | 1 Grin | 2024-11-21 | 9.8 Critical |
| util/src/zip.rs in Grin before 1.0.2 mishandles suspicious files. An attacker can execute arbitrary code via directory traversal in a ZIP archive. | ||||
| CVE-2019-9194 | 1 Std42 | 1 Elfinder | 2024-11-21 | N/A |
| elFinder before 2.1.48 has a command injection vulnerability in the PHP connector. | ||||