Search Results (361804 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16889 | 1 Ui | 24 Ep-r6, Ep-r6 Firmware, Ep-r8 and 21 more | 2024-11-21 | 7.5 High |
| Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service (disk consumption) because *.cache files in /var/run/beaker/container_file/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The attacker can use a long series of unique session IDs. | ||||
| CVE-2019-16887 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| In IrfanView 4.53, Data from a Faulting Address controls a subsequent Write Address starting at image00400000+0x000000000001dcfc. | ||||
| CVE-2019-16885 | 1 Okay-cms | 1 Okaycms | 2024-11-21 | 9.8 Critical |
| In OkayCMS through 2.3.4, an unauthenticated attacker can achieve remote code execution by injecting a malicious PHP object via a crafted cookie. This could happen at two places: first in view/ProductsView.php using the cookie price_filter, and second in api/Comparison.php via the cookie comparison. | ||||
| CVE-2019-16884 | 6 Canonical, Docker, Fedoraproject and 3 more | 12 Ubuntu Linux, Docker, Fedora and 9 more | 2024-11-21 | 7.5 High |
| runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | ||||
| CVE-2019-16882 | 1 String-interner Project | 1 String-interner | 2024-11-21 | 7.5 High |
| An issue was discovered in the string-interner crate before 0.7.1 for Rust. It allows attackers to read from memory locations associated with dangling pointers, because of a cloning flaw. | ||||
| CVE-2019-16881 | 1 Portaudio-rs Project | 1 Portaudio-rs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the portaudio-rs crate through 0.3.1 for Rust. There is a use-after-free with resultant arbitrary code execution because of a lack of unwind safety in stream_callback and stream_finished_callback. | ||||
| CVE-2019-16880 | 1 Linea Project | 1 Linea | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the linea crate through 0.9.4 for Rust. There is double free in the Matrix::zip_elements method. | ||||
| CVE-2019-16879 | 1 Mysyngeryss | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2024-11-21 | 9.8 Critical |
| The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has a Missing Authentication for Critical Function (CWE-306) vulnerability. The affected product does not require authentication for TELNET access, which may allow an attacker to change configuration or perform other malicious activities. | ||||
| CVE-2019-16878 | 1 Portainer | 1 Portainer | 2024-11-21 | 5.4 Medium |
| Portainer before 1.22.1 has XSS (issue 2 of 2). | ||||
| CVE-2019-16877 | 1 Portainer | 1 Portainer | 2024-11-21 | 8.8 High |
| Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | ||||
| CVE-2019-16876 | 1 Portainer | 1 Portainer | 2024-11-21 | 7.5 High |
| Portainer before 1.22.1 allows Directory Traversal. | ||||
| CVE-2019-16874 | 1 Portainer | 1 Portainer | 2024-11-21 | 6.5 Medium |
| Portainer before 1.22.1 has Incorrect Access Control (issue 2 of 4). | ||||
| CVE-2019-16873 | 1 Portainer | 1 Portainer | 2024-11-21 | 5.4 Medium |
| Portainer before 1.22.1 has XSS (issue 1 of 2). | ||||
| CVE-2019-16872 | 1 Portainer | 1 Portainer | 2024-11-21 | 9.9 Critical |
| Portainer before 1.22.1 has Incorrect Access Control (issue 1 of 4). | ||||
| CVE-2019-16871 | 1 Beckhoff | 1 Twincat | 2024-11-21 | 9.8 Critical |
| Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. | ||||
| CVE-2019-16868 | 1 Emlog | 1 Emlog | 2024-11-21 | 9.8 Critical |
| emlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak[] parameter. | ||||
| CVE-2019-16867 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.5 Medium |
| HongCMS 3.0.0 allows arbitrary file deletion via a ../ in the file parameter to admin/index.php/database/ajax?action=delete, a similar issue to CVE-2018-16774. (If the attacker deletes config.php and visits install/index.php, they can reinstall the product.) | ||||
| CVE-2019-16866 | 2 Canonical, Nlnetlabs | 2 Ubuntu Linux, Unbound | 2024-11-21 | 7.5 High |
| Unbound before 1.9.4 accesses uninitialized memory, which allows remote attackers to trigger a crash via a crafted NOTIFY query. The source IP address of the query must match an access-control rule. | ||||
| CVE-2019-16865 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Pillow, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Pillow before 6.2.0. When reading specially crafted invalid image files, the library can either allocate very large amounts of memory or take an extremely long period of time to process the image. | ||||
| CVE-2019-16864 | 2 Enterprisedt, Microsoft | 2 Completeftp Server, Windows | 2024-11-21 | 8.8 High |
| CompleteFTPService.exe in the server in EnterpriseDT CompleteFTP before 12.1.4 allows Remote Code Execution by leveraging a Windows user account that has SSH access. The exec command is always run as SYSTEM. | ||||