Search Results (360672 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13590 | 1 Sound Exchange Project | 1 Sound Exchange | 2024-11-21 | 5.5 Medium |
| An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. | ||||
| CVE-2019-13589 | 1 Anjlab | 1 Paranoid2 | 2024-11-21 | N/A |
| The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5. | ||||
| CVE-2019-13588 | 1 Wikindx Project | 1 Wikindx | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter. | ||||
| CVE-2019-13585 | 1 Fanucamerica | 1 Robotics Virtual Robot Controller | 2024-11-21 | 9.8 Critical |
| The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request. | ||||
| CVE-2019-13584 | 1 Fanucamerica | 1 Robotics Virtual Robot Controller | 2024-11-21 | N/A |
| The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request. | ||||
| CVE-2019-13582 | 1 Marvell | 2 88w8688, 88w8688 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution. | ||||
| CVE-2019-13581 | 1 Marvell | 2 88w8688, 88w8688 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary code via malformed Wi-Fi packets. | ||||
| CVE-2019-13578 | 1 Givewp | 1 Givewp | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. | ||||
| CVE-2019-13577 | 1 Computerlab | 1 Maple Computer Wbt Snmp Administrator | 2024-11-21 | N/A |
| SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987. | ||||
| CVE-2019-13575 | 1 Wpeverest | 1 Everest Forms | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php. | ||||
| CVE-2019-13574 | 2 Debian, Minimagick Project | 2 Debian Linux, Minimagick | 2024-11-21 | N/A |
| In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command. | ||||
| CVE-2019-13573 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | ||||
| CVE-2019-13572 | 1 Adenion | 1 Blog2social | 2024-11-21 | 9.8 Critical |
| The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | ||||
| CVE-2019-13571 | 1 Vsourz | 1 Advanced Cf7 Db | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | ||||
| CVE-2019-13570 | 1 Ajdg | 1 Adrotate | 2024-11-21 | N/A |
| The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection. | ||||
| CVE-2019-13569 | 1 Icegram | 1 Email Subscribers & Newsletters | 2024-11-21 | N/A |
| A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | ||||
| CVE-2019-13568 | 1 Cimg | 1 Cimg | 2024-11-21 | N/A |
| CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. | ||||
| CVE-2019-13567 | 1 Zoom | 1 Zoom | 2024-11-21 | 8.8 High |
| The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData. | ||||
| CVE-2019-13566 | 1 Ros | 1 Ros-comm | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. A buffer overflow allows attackers to cause a denial of service and possibly execute arbitrary code via an IP address with a long hostname. | ||||
| CVE-2019-13565 | 7 Apple, Canonical, Debian and 4 more | 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more | 2024-11-21 | 7.5 High |
| An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. | ||||