Export limit exceeded: 362636 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362636 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19817 | 1 Gonitro | 1 Nitro Free Pdf Reader | 2024-11-21 | 5.5 Medium |
| The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content. | ||||
| CVE-2019-19816 | 4 Canonical, Debian, Linux and 1 more | 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more | 2024-11-21 | 7.8 High |
| In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. | ||||
| CVE-2019-19815 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause a NULL pointer dereference in f2fs_recover_fsync_data in fs/f2fs/recovery.c. This is related to F2FS_P_SB in fs/f2fs/f2fs.h. | ||||
| CVE-2019-19814 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this. | ||||
| CVE-2019-19813 | 4 Canonical, Debian, Linux and 1 more | 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more | 2024-11-21 | 5.5 Medium |
| In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c, __btrfs_qgroup_free_meta in fs/btrfs/qgroup.c, and btrfs_insert_delayed_items in fs/btrfs/delayed-inode.c. | ||||
| CVE-2019-19810 | 1 Eleveo | 1 Call Recording | 2024-11-21 | 10.0 Critical |
| Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host. | ||||
| CVE-2019-19807 | 3 Canonical, Linux, Redhat | 5 Ubuntu Linux, Linux Kernel, Enterprise Linux and 2 more | 2024-11-21 | 7.8 High |
| In the Linux kernel before 5.3.11, sound/core/timer.c has a use-after-free caused by erroneous code refactoring, aka CID-e7af6307a8a5. This is related to snd_timer_open and snd_timer_close_locked. The timeri variable was originally intended to be for a newly created timer instance, but was used for a different purpose after refactoring. | ||||
| CVE-2019-19806 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 5.3 Medium |
| _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 displays a message indicating whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses. | ||||
| CVE-2019-19805 | 1 Mfscripts | 1 Yetishare | 2024-11-21 | 5.3 Medium |
| _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. This can be used by an attacker to enumerate accounts by guessing email addresses. | ||||
| CVE-2019-19802 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 6.5 Medium |
| In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied. | ||||
| CVE-2019-19801 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 5.5 Medium |
| In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases. | ||||
| CVE-2019-19800 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 5.3 Medium |
| Zoho ManageEngine Applications Manager 14 before 14520 allows a remote unauthenticated attacker to disclose OS file names via FailOverHelperServlet. | ||||
| CVE-2019-19799 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 5.3 Medium |
| Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | ||||
| CVE-2019-19797 | 3 Debian, Fedoraproject, Xfig Project | 3 Debian Linux, Fedora, Fig2dev | 2024-11-21 | 5.5 Medium |
| read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. | ||||
| CVE-2019-19796 | 1 Yabasic | 1 Yabasic | 2024-11-21 | 7.8 High |
| Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file. | ||||
| CVE-2019-19795 | 1 Samurai Project | 1 Samurai | 2024-11-21 | 7.8 High |
| samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file. | ||||
| CVE-2019-19794 | 2 Miekg-dns Project, Redhat | 3 Miekg-dns, Jaeger, Openstack | 2024-11-21 | 5.9 Medium |
| The miekg Go DNS package before 1.1.25, as used in CoreDNS before 1.6.6 and other products, improperly generates random numbers because math/rand is used. The TXID becomes predictable, leading to response forgeries. | ||||
| CVE-2019-19793 | 2 Cyxtera, Microsoft | 2 Appgate Sdp, Windows | 2024-11-21 | 8.8 High |
| In Cyxtera AppGate SDP Client 4.1.x through 4.3.x before 4.3.2 on Windows, a local or remote user from the same domain can gain privileges. | ||||
| CVE-2019-19792 | 1 Eset | 1 Cyber Security | 2024-11-21 | 6.7 Medium |
| A permissions issue in ESET Cyber Security before 6.8.300.0 for macOS allows a local attacker to escalate privileges by appending data to root-owned files. | ||||
| CVE-2019-19789 | 1 Codesys | 3 Plcwinnt, Runtime Toolkit, Sp Realtime Nt | 2024-11-21 | 6.5 Medium |
| 3S-Smart CODESYS SP Realtime NT before V2.3.7.28, CODESYS Runtime Toolkit 32 bit full before V2.4.7.54, and CODESYS PLCWinNT before V2.4.7.54 allow a NULL pointer dereference. | ||||