Export limit exceeded: 363357 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363357 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17555 | 1 Apache | 1 Olingo | 2024-11-21 | 7.5 High |
| The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack. | ||||
| CVE-2019-17554 | 1 Apache | 1 Olingo | 2024-11-21 | 5.5 Medium |
| The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Request with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks. | ||||
| CVE-2019-17553 | 1 Metinfo | 1 Metinfo | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the admin/?n=tags&c=index&a=doSaveTags URI. | ||||
| CVE-2019-17552 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 9.8 Critical |
| An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. | ||||
| CVE-2019-17551 | 1 Apakgroup | 1 Wholesale Floorplanning Finance | 2024-11-21 | 6.1 Medium |
| In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter in the Notes section. Although versions 6.31.8.3 and 6.31.8.5 are confirmed to be affected, all versions with the vulnerable WYSIWYG editor in the Notes section are likely affected. | ||||
| CVE-2019-17550 | 1 Adenion | 1 Blog2social | 2024-11-21 | 6.1 Medium |
| The Blog2Social plugin before 5.9.0 for WordPress is affected by: Cross Site Scripting (XSS). The impact is: Allows an attacker to execute arbitrary HTML and JavaScript code via the b2s_id parameter. The component is: views/b2s/post.calendar.php. The attack vector is: When the Administrator is logged in, a reflected XSS may execute upon a click on a malicious URL. | ||||
| CVE-2019-17549 | 1 Eset | 1 Cyber Security | 2024-11-21 | 6.5 Medium |
| ESET Cyber Security before 6.8.1.0 is vulnerable to a denial-of-service allowing any user to stop (kill) ESET processes. An attacker can abuse this bug to stop the protection from ESET and launch his attack. | ||||
| CVE-2019-17547 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 8.8 High |
| In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free. | ||||
| CVE-2019-17545 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Backports Sle and 3 more | 2024-11-21 | 9.8 Critical |
| GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. | ||||
| CVE-2019-17544 | 2 Canonical, Gnu | 2 Ubuntu Linux, Aspell | 2024-11-21 | 9.1 Critical |
| libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. | ||||
| CVE-2019-17543 | 1 Lz4 Project | 1 Lz4 | 2024-11-21 | 8.1 High |
| LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk." | ||||
| CVE-2019-17542 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2024-11-21 | 9.8 Critical |
| FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. | ||||
| CVE-2019-17541 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2024-11-21 | 8.8 High |
| ImageMagick before 7.0.8-55 has a use-after-free in DestroyStringInfo in MagickCore/string.c because the error manager is mishandled in coders/jpeg.c. | ||||
| CVE-2019-17540 | 3 Debian, Imagemagick, Redhat | 3 Debian Linux, Imagemagick, Enterprise Linux | 2024-11-21 | 8.8 High |
| ImageMagick before 7.0.8-54 has a heap-based buffer overflow in ReadPSInfo in coders/ps.c. | ||||
| CVE-2019-17539 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2024-11-21 | 9.8 Critical |
| In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer. | ||||
| CVE-2019-17538 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 7.5 High |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring. | ||||
| CVE-2019-17537 | 1 Jnoj | 1 Jiangnan Online Judge | 2024-11-21 | 7.5 High |
| Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file deletion via the web/polygon/problem/deletefile?id=1&name=../ substring. | ||||
| CVE-2019-17536 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 4.9 Medium |
| Gila CMS through 1.11.4 allows Unrestricted Upload of a File with a Dangerous Type via the moveAction function in core/controllers/fm.php. The attacker needs to use admin/media_upload and fm/move. | ||||
| CVE-2019-17535 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.1 Medium |
| Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. | ||||
| CVE-2019-17534 | 1 Libvips | 1 Libvips | 2024-11-21 | 8.8 High |
| vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free. | ||||