Export limit exceeded: 363079 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363079 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363079 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20096 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
| In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. | ||||
| CVE-2019-20095 | 4 Linux, Netapp, Opensuse and 1 more | 21 Linux Kernel, 8300, 8300 Firmware and 18 more | 2024-11-21 | 5.5 Medium |
| mwifiex_tm_cmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c in the Linux kernel before 5.1.6 has some error-handling cases that did not free allocated hostcmd memory, aka CID-003b686ace82. This will cause a memory leak and denial of service. | ||||
| CVE-2019-20093 | 2 Fedoraproject, Podofo Project | 2 Fedora, Podofo | 2024-11-21 | 5.5 Medium |
| The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file, because of ImageExtractor.cpp. | ||||
| CVE-2019-20092 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_EsDescriptor::GetDecoderConfigDescriptor in Ap4EsDescriptor.cpp. | ||||
| CVE-2019-20091 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Bento4 1.5.1.0. There is a NULL pointer dereference in AP4_Descriptor::GetTag in mp42ts when called from AP4_DecoderConfigDescriptor::GetDecoderSpecificInfoDescriptor in Ap4DecoderConfigDescriptor.cpp. | ||||
| CVE-2019-20090 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.8 High |
| An issue was discovered in Bento4 1.5.1.0. There is a use-after-free in AP4_Sample::GetOffset in Core/Ap4Sample.h when called from Ap4LinearReader.cpp. | ||||
| CVE-2019-20089 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 7.8 High |
| GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation. | ||||
| CVE-2019-20088 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 7.8 High |
| GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. | ||||
| CVE-2019-20087 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 8.8 High |
| GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature. | ||||
| CVE-2019-20086 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 8.8 High |
| GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. | ||||
| CVE-2019-20082 | 1 Asus | 2 Rt-n53, Rt-n53 Firmware | 2024-11-21 | 9.8 Critical |
| ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp. | ||||
| CVE-2019-20079 | 2 Canonical, Vim | 2 Ubuntu Linux, Vim | 2024-11-21 | 7.8 High |
| The autocmd feature in window.c in Vim before 8.1.2136 accesses freed memory. | ||||
| CVE-2019-20077 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 4.3 Medium |
| The Typesetter CMS 5.1 logout functionality is affected by a CSRF vulnerability. The logout function of the admin panel is not protected by any CSRF tokens. An attacker can logout the user using this vulnerability. | ||||
| CVE-2019-20076 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 6.1 Medium |
| On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). | ||||
| CVE-2019-20075 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 6.1 Medium |
| On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). | ||||
| CVE-2019-20074 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 8.8 High |
| On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. | ||||
| CVE-2019-20073 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 6.1 Medium |
| On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). | ||||
| CVE-2019-20072 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 6.1 Medium |
| On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). | ||||
| CVE-2019-20071 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 6.5 Medium |
| On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. | ||||
| CVE-2019-20070 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-11-21 | 6.1 Medium |
| On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). | ||||