Export limit exceeded: 362833 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362833 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16370 | 1 Gradle | 1 Gradle | 2024-11-21 | 5.9 Medium |
| The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. | ||||
| CVE-2019-16366 | 1 Moddable | 2 Moddable, Xs | 2024-11-21 | 9.8 Critical |
| In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst. | ||||
| CVE-2019-16355 | 1 Beego | 1 Beego | 2024-11-21 | 5.5 Medium |
| The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. | ||||
| CVE-2019-16354 | 1 Beego | 1 Beego | 2024-11-21 | 4.7 Medium |
| The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. | ||||
| CVE-2019-16353 | 1 Geautomation | 1 Proficy | 2024-11-21 | 7.5 High |
| Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. | ||||
| CVE-2019-16352 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 6.5 Medium |
| ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. | ||||
| CVE-2019-16351 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 6.5 Medium |
| ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. | ||||
| CVE-2019-16350 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 6.5 Medium |
| ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. | ||||
| CVE-2019-16349 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.5 Medium |
| Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class. | ||||
| CVE-2019-16348 | 1 Libwav Project | 1 Libwav | 2024-11-21 | 6.5 Medium |
| marc-q libwav through 2017-04-20 has a NULL pointer dereference in gain_file() at wav_gain.c. | ||||
| CVE-2019-16347 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 8.8 High |
| ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | ||||
| CVE-2019-16346 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 8.8 High |
| ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | ||||
| CVE-2019-16344 | 1 Scadabr | 1 Scadabr | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter. | ||||
| CVE-2019-16340 | 1 Linksys | 6 Velop Whw0301, Velop Whw0301 Firmware, Velop Whw0302 and 3 more | 2024-11-21 | 9.8 Critical |
| Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | ||||
| CVE-2019-16338 | 1 Hancom | 1 Hancom Office Neo | 2024-11-21 | 7.8 High |
| The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file. | ||||
| CVE-2019-16337 | 1 Hancom | 1 Hancom Office Neo | 2024-11-21 | 7.8 High |
| The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-free via an unknown object in a crafted .docx file. | ||||
| CVE-2019-16336 | 1 Cypress | 2 Cybl11573, Cyble-416045 | 2024-11-21 | 6.5 Medium |
| The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload size, which allows attackers (in radio range) to cause a denial of service (crash) via a crafted BLE Link Layer frame. | ||||
| CVE-2019-16335 | 6 Debian, Fasterxml, Fedoraproject and 3 more | 26 Debian Linux, Jackson-databind, Fedora and 23 more | 2024-11-21 | 9.8 Critical |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. | ||||
| CVE-2019-16334 | 1 Bludit | 1 Bludit | 2024-11-21 | 4.8 Medium |
| In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. | ||||
| CVE-2019-16333 | 1 Get-simple | 1 Getsimple Cms | 2024-11-21 | 5.4 Medium |
| GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | ||||