Export limit exceeded: 363054 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363054 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20166 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_dump() in isomedia/box_dump.c. | ||||
| CVE-2019-20165 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. | ||||
| CVE-2019-20164 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_isom_box_del() in isomedia/box_funcs.c. | ||||
| CVE-2019-20163 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. | ||||
| CVE-2019-20162 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. | ||||
| CVE-2019-20161 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. | ||||
| CVE-2019-20160 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a stack-based buffer overflow in the function av1_parse_tile_group() in media_tools/av_parsers.c. | ||||
| CVE-2019-20159 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a memory leak in dinf_New() in isomedia/box_code_base.c. | ||||
| CVE-2019-20155 | 1 Determine | 1 Contract Lifecycle Management | 2024-11-21 | 8.8 High |
| An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server. | ||||
| CVE-2019-20154 | 1 Determine | 1 Contract Lifecycle Management | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. A cross-site scripting (XSS) vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2019-20153 | 1 Determine | 1 Contract Lifecycle Management | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials). | ||||
| CVE-2019-20152 | 1 Treasuryxpress | 1 Treasuryxpress | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application. | ||||
| CVE-2019-20151 | 1 Treasuryxpress | 1 Treasuryxpress | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A malicious payload can be injected within the Multi Approval security component and inserted via the Note field. As a result, the payload is executed by the application's administrator(s). | ||||
| CVE-2019-20150 | 1 Treasuryxpress | 1 Treasuryxpress | 2024-11-21 | 6.5 Medium |
| In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's editor to change the expected SFTP Host IP to a malicious host, and then using the Check Connectivity option. The application then sends these saved credentials to the malicious host. | ||||
| CVE-2019-20149 | 2 Kind-of Project, Redhat | 2 Kind-of, Acm | 2024-11-21 | 7.5 High |
| ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. | ||||
| CVE-2019-20148 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control. | ||||
| CVE-2019-20147 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control. | ||||
| CVE-2019-20146 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption. | ||||
| CVE-2019-20145 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control. | ||||
| CVE-2019-20144 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control. | ||||