Search Results (362544 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16236 | 4 Canonical, Debian, Dino and 1 more | 4 Ubuntu Linux, Debian Linux, Dino and 1 more | 2024-11-21 | 7.5 High |
| Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. | ||||
| CVE-2019-16235 | 4 Canonical, Debian, Dino and 1 more | 4 Ubuntu Linux, Debian Linux, Dino and 1 more | 2024-11-21 | 7.5 High |
| Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. | ||||
| CVE-2019-16234 | 4 Canonical, Linux, Opensuse and 1 more | 4 Ubuntu Linux, Linux Kernel, Leap and 1 more | 2024-11-21 | 4.7 Medium |
| drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | ||||
| CVE-2019-16233 | 4 Canonical, Linux, Opensuse and 1 more | 5 Ubuntu Linux, Linux Kernel, Leap and 2 more | 2024-11-21 | 4.1 Medium |
| drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | ||||
| CVE-2019-16232 | 4 Canonical, Fedoraproject, Linux and 1 more | 4 Ubuntu Linux, Fedora, Linux Kernel and 1 more | 2024-11-21 | 4.1 Medium |
| drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | ||||
| CVE-2019-16231 | 4 Canonical, Linux, Opensuse and 1 more | 5 Ubuntu Linux, Linux Kernel, Leap and 2 more | 2024-11-21 | 4.1 Medium |
| drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. | ||||
| CVE-2019-16229 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 4.1 Medium |
| drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: The security community disputes this issue as not being serious enough to deserve a CVE ID. | ||||
| CVE-2019-16228 | 1 Py-lmdb Project | 1 Py-lmdb | 2024-11-21 | 7.5 High |
| An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | ||||
| CVE-2019-16227 | 1 Py-lmdb Project | 1 Py-lmdb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | ||||
| CVE-2019-16226 | 1 Py-lmdb Project | 1 Py-lmdb | 2024-11-21 | 7.5 High |
| An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | ||||
| CVE-2019-16225 | 1 Py-lmdb Project | 1 Py-lmdb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | ||||
| CVE-2019-16224 | 1 Py-lmdb Project | 1 Py-lmdb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | ||||
| CVE-2019-16223 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 5.4 Medium |
| WordPress before 5.2.3 allows XSS in post previews by authenticated users. | ||||
| CVE-2019-16222 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks. | ||||
| CVE-2019-16221 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.2.3 allows reflected XSS in the dashboard. | ||||
| CVE-2019-16220 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.1 Medium |
| In WordPress before 5.2.3, validation and sanitization of a URL in wp_validate_redirect in wp-includes/pluggable.php could lead to an open redirect if a provided URL path does not start with a forward slash. | ||||
| CVE-2019-16219 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.2.3 allows XSS in shortcode previews. | ||||
| CVE-2019-16218 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.2.3 allows XSS in stored comments. | ||||
| CVE-2019-16217 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. | ||||
| CVE-2019-16216 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 5.4 Medium |
| Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself. | ||||