Search Results (361738 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16281 | 1 Ptarmigan Project | 1 Ptarmigan | 2024-11-21 | 7.5 High |
| Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block. | ||||
| CVE-2019-16279 | 1 Nazgul | 1 Nostromo Nhttpd | 2024-11-21 | 7.5 High |
| A memory error in the function SSL_accept in nostromo nhttpd through 1.9.6 allows an attacker to trigger a denial of service via a crafted HTTP request. | ||||
| CVE-2019-16277 | 1 Picoc Project | 1 Picoc | 2024-11-21 | 7.8 High |
| PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. | ||||
| CVE-2019-16276 | 6 Debian, Fedoraproject, Golang and 3 more | 11 Debian Linux, Fedora, Go and 8 more | 2024-11-21 | 7.5 High |
| Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. | ||||
| CVE-2019-16275 | 3 Canonical, Debian, W1.fi | 4 Ubuntu Linux, Debian Linux, Hostapd and 1 more | 2024-11-21 | 6.5 Medium |
| hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. | ||||
| CVE-2019-16274 | 1 Dten | 4 D5, D5 Firmware, D7 and 1 more | 2024-11-21 | 7.5 High |
| DTEN D5 before 1.3 and D7 before 1.3 devices transfer customer data files via unencrypted HTTP. | ||||
| CVE-2019-16273 | 1 Dten | 4 D5, D5 Firmware, D7 and 1 more | 2024-11-21 | 9.8 Critical |
| DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge (adb), leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the Android OS. | ||||
| CVE-2019-16272 | 1 Dten | 4 D5, D5 Firmware, D7 and 1 more | 2024-11-21 | 9.8 Critical |
| On DTEN D5 and D7 before 1.3.4 devices, factory settings allow for firmware reflash and Android Debug Bridge (adb) enablement. | ||||
| CVE-2019-16271 | 1 Dten | 4 D5, D5 Firmware, D7 and 1 more | 2024-11-21 | 5.3 Medium |
| DTEN D5 and D7 before 1.3.2 devices allow remote attackers to read saved whiteboard image PDF documents via storage/emulated/0/Notes/PDF on TCP port 8080 without authentication. | ||||
| CVE-2019-16268 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-11-21 | 4.8 Medium |
| Zoho ManageEngine Remote Access Plus 10.0.259 allows HTML injection via the Description field on the Admin - User Administration userMgmt.do?actionToCall=ShowUser screen. | ||||
| CVE-2019-16265 | 1 Codesys | 2 Codesys, Eni Server | 2024-11-21 | 9.8 Critical |
| CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. | ||||
| CVE-2019-16264 | 1 Egpp | 1 Sistema Integrado De Gestion Academica | 2024-11-21 | 9.8 Critical |
| In Escuela de Gestion Publica Plurinacional (EGPP) Sistema Integrado de Gestion Academica (GESAC) v1, the username parameter of the authentication form is vulnerable to SQL injection, allowing attackers to access the database. | ||||
| CVE-2019-16263 | 1 Twitter | 1 Twitter Kit | 2024-11-21 | 7.4 High |
| The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an end-of-life product. | ||||
| CVE-2019-16258 | 1 Hom.ee | 2 Brain Cube, Brain Cube Core | 2024-11-21 | 6.8 Medium |
| The bootloader of the homee Brain Cube V2 through 2.23.0 allows attackers with physical access to gain root access by manipulating the U-Boot environment via the CLI after connecting to the internal UART interface. | ||||
| CVE-2019-16257 | 1 Motorola | 2 Motorola, Motorola Firmware | 2024-11-21 | 9.8 Critical |
| Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka Simjacker. | ||||
| CVE-2019-16255 | 5 Debian, Opensuse, Oracle and 2 more | 8 Debian Linux, Leap, Graalvm and 5 more | 2024-11-21 | 8.1 High |
| Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. | ||||
| CVE-2019-16254 | 3 Debian, Redhat, Ruby-lang | 6 Debian Linux, Enterprise Linux, Rhel E4s and 3 more | 2024-11-21 | 5.3 Medium |
| Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients. NOTE: this issue exists because of an incomplete fix for CVE-2017-17742, which addressed the CRLF vector, but did not address an isolated CR or an isolated LF. | ||||
| CVE-2019-16253 | 1 Samsung | 1 Text-to-speech | 2024-11-21 | 7.8 High |
| The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755. | ||||
| CVE-2019-16252 | 1 Nutfind | 1 Nutfind | 2024-11-21 | 5.9 Medium |
| Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data. | ||||
| CVE-2019-16251 | 1 Yithemes | 38 Yith Advanced Refund System For Woocommerce, Yith Color And Label Variations For Woocommerce, Yith Custom Thank You Page For Woocommerce and 35 more | 2024-11-21 | 4.3 Medium |
| plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. | ||||