Search Results (361598 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16378 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 9.8 Critical |
| OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message. | ||||
| CVE-2019-16377 | 1 Makandra | 1 Consul | 2024-11-21 | 9.8 Critical |
| The makandra consul gem through 1.0.2 for Ruby has Incorrect Access Control. | ||||
| CVE-2019-16375 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article. | ||||
| CVE-2019-16374 | 1 Pega | 1 Platform | 2024-11-21 | 9.8 Critical |
| Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. | ||||
| CVE-2019-16371 | 1 Logmein | 1 Lastpass | 2024-11-21 | 8.2 High |
| LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be bypassed via clickjacking. | ||||
| CVE-2019-16370 | 1 Gradle | 1 Gradle | 2024-11-21 | 5.9 Medium |
| The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. | ||||
| CVE-2019-16366 | 1 Moddable | 2 Moddable, Xs | 2024-11-21 | 9.8 Critical |
| In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst. | ||||
| CVE-2019-16355 | 1 Beego | 1 Beego | 2024-11-21 | 5.5 Medium |
| The File Session Manager in Beego 1.10.0 allows local users to read session files because of weak permissions for individual files. | ||||
| CVE-2019-16354 | 1 Beego | 1 Beego | 2024-11-21 | 4.7 Medium |
| The File Session Manager in Beego 1.10.0 allows local users to read session files because there is a race condition involving file creation within a directory with weak permissions. | ||||
| CVE-2019-16353 | 1 Geautomation | 1 Proficy | 2024-11-21 | 7.5 High |
| Emerson GE Automation Proficy Machine Edition 8.0 allows an access violation and application crash via crafted traffic from a remote device, as demonstrated by an RX7i device. | ||||
| CVE-2019-16352 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 6.5 Medium |
| ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c. | ||||
| CVE-2019-16351 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 6.5 Medium |
| ffjpeg before 2019-08-18 has a NULL pointer dereference in huffman_decode_step() at huffman.c. | ||||
| CVE-2019-16350 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 6.5 Medium |
| ffjpeg before 2019-08-18 has a NULL pointer dereference in idct2d8x8() at dct.c. | ||||
| CVE-2019-16349 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 5.5 Medium |
| Bento4 1.5.1-628 has a NULL pointer dereference in AP4_ByteStream::ReadUI32 in Core/Ap4ByteStream.cpp when called from the AP4_TrunAtom class. | ||||
| CVE-2019-16348 | 1 Libwav Project | 1 Libwav | 2024-11-21 | 6.5 Medium |
| marc-q libwav through 2017-04-20 has a NULL pointer dereference in gain_file() at wav_gain.c. | ||||
| CVE-2019-16347 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 8.8 High |
| ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | ||||
| CVE-2019-16346 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 8.8 High |
| ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | ||||
| CVE-2019-16344 | 1 Scadabr | 1 Scadabr | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter. | ||||
| CVE-2019-16340 | 1 Linksys | 6 Velop Whw0301, Velop Whw0301 Firmware, Velop Whw0302 and 3 more | 2024-11-21 | 9.8 Critical |
| Belkin Linksys Velop 1.1.8.192419 devices allow remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. | ||||
| CVE-2019-16338 | 1 Hancom | 1 Hancom Office Neo | 2024-11-21 | 7.8 High |
| The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 allows a use-after-free via a crafted .docx file. | ||||