Search Results (361796 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17064 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 5.5 Medium |
| Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. | ||||
| CVE-2019-17063 | 1 Snowtide | 1 Pdfxstream | 2024-11-21 | 5.5 Medium |
| In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling. | ||||
| CVE-2019-17062 | 1 Oxid-esales | 1 Eshop | 2024-11-21 | 8.8 High |
| An issue was discovered in OXID eShop 6.x before 6.0.6 and 6.1.x before 6.1.5, OXID eShop Enterprise Edition Version 5.2.x-5.3.x, OXID eShop Professional Edition Version 4.9.x-4.10.x and OXID eShop Community Edition Version: 4.9.x-4.10.x. By using a specially crafted URL, users with administrative rights could unintentionally grant unauthorized users access to the admin panel via session fixation. | ||||
| CVE-2019-17061 | 1 Cypress | 2 Psoc 4, Psoc 4 Ble | 2024-11-21 | 6.5 Medium |
| The Bluetooth Low Energy (BLE) stack implementation on Cypress PSoC 4 through 3.62 devices does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. | ||||
| CVE-2019-17060 | 1 Nxp | 9 Kw31z, Kw34, Kw35 and 6 more | 2024-11-21 | 6.5 Medium |
| The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer header and executes certain memory contents upon receiving a packet with a Link Layer ID (LLID) equal to zero. This allows attackers within radio range to cause deadlocks, cause anomalous behavior in the BLE state machine, or trigger a buffer overflow via a crafted BLE Link Layer frame. | ||||
| CVE-2019-17059 | 1 Sophos | 2 Cyberoam, Cyberoamos | 2024-11-21 | 9.8 Critical |
| A shell injection vulnerability on the Sophos Cyberoam firewall appliance with CyberoamOS before 10.6.6 MR-6 allows remote attackers to execute arbitrary commands via the Web Admin and SSL VPN consoles. | ||||
| CVE-2019-17058 | 1 Footy | 1 Tipping Software | 2024-11-21 | 9.1 Critical |
| Footy Tipping Software AFL Web Edition 2019 allows arbitrary file upload and resultant remote code execution because a whitelist can be bypassed by an Administrator who uploads a crafted upload.dat file. | ||||
| CVE-2019-17057 | 1 Footy | 1 Tipping Software | 2024-11-21 | 6.1 Medium |
| Footy Tipping Software AFL Web Edition 2019 allows XSS. | ||||
| CVE-2019-17056 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 Low |
| llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. | ||||
| CVE-2019-17055 | 6 Canonical, Debian, Fedoraproject and 3 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2024-11-21 | 3.3 Low |
| base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. | ||||
| CVE-2019-17054 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 Low |
| atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. | ||||
| CVE-2019-17053 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-11-21 | 3.3 Low |
| ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. | ||||
| CVE-2019-17052 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 3.3 Low |
| ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel 3.16 through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768. | ||||
| CVE-2019-17051 | 1 Evernote | 1 Evernote | 2024-11-21 | 7.8 High |
| Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file. | ||||
| CVE-2019-17050 | 1 Thecontrolgroup | 1 Voyager | 2024-11-21 | 7.2 High |
| An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin privileges and Compass access can read or delete arbitrary files, such as the .env file. NOTE: a software maintainer has suggested a solution in which Compass is switched off in a production environment. | ||||
| CVE-2019-17049 | 1 Netgear | 2 Srx5308, Srx5308 Firmware | 2024-11-21 | 7.5 High |
| NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. | ||||
| CVE-2019-17046 | 1 Ilch | 1 Ilch Cms | 2024-11-21 | 7.2 High |
| Ilch 2.1.22 allows remote code execution because php is listed under "Allowed files" on the index.php/admin/media/settings/index page. | ||||
| CVE-2019-17045 | 1 Ilch | 1 Ilch Cms | 2024-11-21 | 4.8 Medium |
| Ilch 2.1.22 allows stored XSS via the title, text, or email id to the Jobs Tab. | ||||
| CVE-2019-17044 | 2 Bmc, Linux | 2 Patrol Agent, Linux Kernel | 2024-11-21 | 7.8 High |
| An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the PatrolAgent SUID binary could allow an attacker with "patrol" privileges to elevate his/her privileges to the ones of the "root" user by specially crafting a shared library .so file that will be loaded during execution. | ||||
| CVE-2019-17043 | 1 Bmc | 1 Patrol Agent | 2024-11-21 | 7.8 High |
| An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution. | ||||