Search Results (360678 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13246 | 1 Faststone | 1 Image Viewer | 2024-11-21 | N/A |
| FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a9601. | ||||
| CVE-2019-13245 | 1 Faststone | 1 Image Viewer | 2024-11-21 | N/A |
| FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x00000000001a95b1. | ||||
| CVE-2019-13244 | 1 Faststone | 1 Image Viewer | 2024-11-21 | N/A |
| FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d. | ||||
| CVE-2019-13243 | 1 Irfanview | 1 Irfanview | 2024-11-21 | N/A |
| IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x00000000000249c6. | ||||
| CVE-2019-13242 | 1 Irfanview | 1 Irfanview | 2024-11-21 | N/A |
| IrfanView 4.52 has a User Mode Write AV starting at image00400000+0x0000000000013a98. | ||||
| CVE-2019-13241 | 2 Canonical, Flightcrew Project | 2 Ubuntu Linux, Flightcrew | 2024-11-21 | 7.8 High |
| FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. | ||||
| CVE-2019-13240 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A |
| An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address. | ||||
| CVE-2019-13239 | 1 Glpi-project | 1 Glpi | 2024-11-21 | N/A |
| inc/user.class.php in GLPI before 9.4.3 allows XSS via a user picture. | ||||
| CVE-2019-13238 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A |
| An issue was discovered in Bento4 1.5.1.0. A memory allocation failure is unhandled in Core/Ap4SdpAtom.cpp and leads to crashes. When parsing input video, the program allocates a new buffer to parse an atom in the stream. The unhandled memory allocation failure causes a direct copy to a NULL pointer. | ||||
| CVE-2019-13237 | 1 Alkacon | 1 Opencms Apollo Template | 2024-11-21 | 4.3 Medium |
| In Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple resources vulnerable to Local File Inclusion that allow an attacker to access server resources: clearhistory.jsp, convertxml.jsp, group_new.jsp, loginmessage.jsp, xmlcontentrepair.jsp, and /system/workplace/admin/history/settings/index.jsp. | ||||
| CVE-2019-13236 | 1 Alkacon | 1 Opencms | 2024-11-21 | N/A |
| In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface. | ||||
| CVE-2019-13235 | 1 Alkacon | 1 Opencms Apollo Template | 2024-11-21 | N/A |
| In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form. | ||||
| CVE-2019-13234 | 1 Alkacon | 1 Opencms Apollo Template | 2024-11-21 | N/A |
| In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine. | ||||
| CVE-2019-13233 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | N/A |
| In arch/x86/lib/insn-eval.c in the Linux kernel before 5.1.9, there is a use-after-free for access to an LDT entry because of a race condition between modify_ldt() and a #BR exception for an MPX bounds violation. | ||||
| CVE-2019-13232 | 3 Debian, Redhat, Unzip Project | 4 Debian Linux, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 3.3 Low |
| Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a "better zip bomb" issue. | ||||
| CVE-2019-13229 | 1 Deepin | 1 Deepin Clone | 2024-11-21 | N/A |
| deepin-clone before 1.1.3 uses a fixed path /tmp/partclone.log in the Helper::getPartitionSizeInfo() function to write a log file as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. | ||||
| CVE-2019-13228 | 1 Deepin | 1 Deepin-clone | 2024-11-21 | N/A |
| deepin-clone before 1.1.3 uses a fixed path /tmp/repo.iso in the BootDoctor::fix() function to download an ISO file, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. By winning a race condition to replace the /tmp/repo.iso symlink by an attacker controlled ISO file, further privilege escalation may be possible. | ||||
| CVE-2019-13227 | 1 Deepin | 1 Deepin-clone | 2024-11-21 | N/A |
| In GUI mode, deepin-clone before 1.1.3 creates a log file at the fixed path /tmp/.deepin-clone.log as root, and follows symlinks there. An unprivileged user can prepare a symlink attack there to create or overwrite files in arbitrary file system locations. The content is not attacker controlled. | ||||
| CVE-2019-13226 | 2 Deepin, Fedoraproject | 2 Deepin-clone, Fedora | 2024-11-21 | 7.0 High |
| deepin-clone before 1.1.3 uses a predictable path /tmp/.deepin-clone/mount/<block-dev-basename> in the Helper::temporaryMountDevice() function to temporarily mount a file system as root. An unprivileged user can prepare a symlink at this location to have the file system mounted in an arbitrary location. By winning a race condition, the attacker can also enter the mount point, thereby preventing a subsequent unmount of the file system. | ||||
| CVE-2019-13225 | 3 Fedoraproject, Oniguruma Project, Redhat | 3 Fedora, Oniguruma, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust. | ||||