Export limit exceeded: 366361 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366361 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366361 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9774 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 9.1 Critical |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is an out-of-bounds read in the function bit_read_B at bits.c. | ||||
| CVE-2019-9773 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension. | ||||
| CVE-2019-9772 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec. | ||||
| CVE-2019-9771 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c. | ||||
| CVE-2019-9770 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension. | ||||
| CVE-2019-9769 | 1 Kartatopia | 1 Piluscart | 2024-11-21 | N/A |
| PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator. | ||||
| CVE-2019-9768 | 1 Thinkst | 1 Canarytokens | 2024-11-21 | N/A |
| Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document contains a token. | ||||
| CVE-2019-9767 | 1 Cleanersoft | 1 Free Mp3 Cd Ripper | 2024-11-21 | N/A |
| Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file. | ||||
| CVE-2019-9766 | 1 Cleanersoft | 1 Free Mp3 Cd Ripper | 2024-11-21 | N/A |
| Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .mp3 file. | ||||
| CVE-2019-9765 | 1 Blog Mini Project | 1 Blog Mini | 2024-11-21 | N/A |
| In Blog_mini 1.0, XSS exists via the author name of a comment reply in the app/main/views.py articleDetails() function, related to app/templates/_article_comments.html. | ||||
| CVE-2019-9764 | 1 Hashicorp | 1 Consul | 2024-11-21 | N/A |
| HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4. | ||||
| CVE-2019-9763 | 1 Openfind | 1 Mail2000 | 2024-11-21 | N/A |
| An issue was discovered in Openfind Mail2000 6.0 and 7.0 Webmail. XSS can occur via an '<object data="data:text/html' substring in an e-mail message (The vendor subsequently patched this). | ||||
| CVE-2019-9762 | 1 Phpshe | 1 Phpshe | 2024-11-21 | N/A |
| A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication. | ||||
| CVE-2019-9761 | 1 Phpshe | 1 Phpshe | 2024-11-21 | N/A |
| An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php. | ||||
| CVE-2019-9760 | 1 Ftpgetter | 1 Ftpgetter | 2024-11-21 | N/A |
| FTPGetter Standard v.5.97.0.177 allows remote code execution when a user initiates an FTP connection to an attacker-controlled machine that sends crafted responses. Long responses can also crash the FTP client with memory corruption. | ||||
| CVE-2019-9759 | 1 Tongda2000 | 1 Office Anywhere | 2024-11-21 | N/A |
| An issue was discovered in TONGDA Office Anywhere 10.18.190121. There is a SQL Injection vulnerability via the general/approve_center/list/input_form/work_handle.php run_id parameter. | ||||
| CVE-2019-9758 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 5.4 Medium |
| An issue was discovered in LabKey Server 19.1.0. The display name of a user is vulnerable to stored XSS that can execute on administrators from security/permissions.view, security/addUsers.view, or wiki/Administration/page.view in the admin panel, leading to privilege escalation. | ||||
| CVE-2019-9757 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 7.5 High |
| An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. | ||||
| CVE-2019-9756 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732. | ||||
| CVE-2019-9755 | 2 Redhat, Tuxera | 7 Advanced Virtualization, Enterprise Linux, Enterprise Linux Eus and 4 more | 2024-11-21 | 7.0 High |
| An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges. | ||||