Export limit exceeded: 360678 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search Results (360678 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13603 | 1 Hidglobal | 2 Digital Persona U.are.u 4500, Digital Persona U.are.u 4500 Driver Firmware | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that. This, in combination with retrieving an encrypted fingerprint image and encryption key (through another vulnerability), allows an attacker to obtain a user's fingerprint image. | ||||
| CVE-2019-13602 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more | 2024-11-21 | 7.8 High |
| An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file. | ||||
| CVE-2019-13599 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 5.3 Medium |
| In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times. | ||||
| CVE-2019-13598 | 1 Getvera | 2 Vera Edge, Vera Edge Firmware | 2024-11-21 | N/A |
| LuaUPnP in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via the code parameter to /port_3480/data_request because the "No unsafe lua allowed" code block is skipped. | ||||
| CVE-2019-13597 | 1 Sahipro | 1 Sahi Pro | 2024-11-21 | N/A |
| _s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function. | ||||
| CVE-2019-13594 | 1 Mirumee | 1 Saleor | 2024-11-21 | N/A |
| In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. | ||||
| CVE-2019-13590 | 1 Sound Exchange Project | 1 Sound Exchange | 2024-11-21 | 5.5 Medium |
| An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro that wraps malloc. When a NULL pointer is returned, it is used without a prior check that it is a valid pointer, leading to a NULL pointer dereference on lsx_readbuf in formats_i.c. | ||||
| CVE-2019-13589 | 1 Anjlab | 1 Paranoid2 | 2024-11-21 | N/A |
| The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5. | ||||
| CVE-2019-13588 | 1 Wikindx Project | 1 Wikindx | 2024-11-21 | N/A |
| A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter. | ||||
| CVE-2019-13585 | 1 Fanucamerica | 1 Robotics Virtual Robot Controller | 2024-11-21 | 9.8 Critical |
| The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request. | ||||
| CVE-2019-13584 | 1 Fanucamerica | 1 Robotics Virtual Robot Controller | 2024-11-21 | N/A |
| The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request. | ||||
| CVE-2019-13582 | 1 Marvell | 2 88w8688, 88w8688 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A stack overflow could lead to denial of service or arbitrary code execution. | ||||
| CVE-2019-13581 | 1 Marvell | 2 88w8688, 88w8688 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Marvell 88W8688 Wi-Fi firmware before version p52, as used on Tesla Model S/X vehicles manufactured before March 2018, via the Parrot Faurecia Automotive FC6050W module. A heap-based buffer overflow allows remote attackers to cause a denial of service or execute arbitrary code via malformed Wi-Fi packets. | ||||
| CVE-2019-13578 | 1 Givewp | 1 Givewp | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php. | ||||
| CVE-2019-13577 | 1 Computerlab | 1 Maple Computer Wbt Snmp Administrator | 2024-11-21 | N/A |
| SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987. | ||||
| CVE-2019-13575 | 1 Wpeverest | 1 Everest Forms | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php. | ||||
| CVE-2019-13574 | 2 Debian, Minimagick Project | 2 Debian Linux, Minimagick | 2024-11-21 | N/A |
| In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command. | ||||
| CVE-2019-13573 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in the FolioVision FV Flowplayer Video Player plugin before 7.3.19.727 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | ||||
| CVE-2019-13572 | 1 Adenion | 1 Blog2social | 2024-11-21 | 9.8 Critical |
| The Adenion Blog2Social plugin through 5.5.0 for WordPress allows SQL Injection. | ||||
| CVE-2019-13571 | 1 Vsourz | 1 Advanced Cf7 Db | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability exists in the Vsourz Digital Advanced CF7 DB plugin through 1.6.1 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system. | ||||