Search Results (360057 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12250 | 1 Identityserver | 1 Identityserver4 | 2024-11-21 | N/A |
| IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the request logger is not part of IdentityServer but only our development test host. | ||||
| CVE-2019-12248 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.7, Community Edition 6.0.x through 6.0.19, and Community Edition 5.0.x through 5.0.36. An attacker could send a malicious email to an OTRS system. If a logged-in agent user quotes it, the email could cause the browser to load external image resources. | ||||
| CVE-2019-12247 | 1 Qemu | 1 Qemu | 2024-11-21 | N/A |
| QEMU 3.0.0 has an Integer Overflow because the qga/commands*.c files do not check the length of the argument list or the number of environment variables. NOTE: This has been disputed as not exploitable. | ||||
| CVE-2019-12246 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 4.3 Medium |
| SilverStripe through 4.3.3 allows a Denial of Service on flush and development URL tools. | ||||
| CVE-2019-12245 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 5.3 Medium |
| SilverStripe through 4.3.3 has incorrect access control for protected files uploaded via Upload::loadIntoFile(). An attacker may be able to guess a filename in silverstripe/assets via the AssetControlExtension. | ||||
| CVE-2019-12243 | 1 Istio | 1 Istio | 2024-11-21 | N/A |
| Istio 1.1.x through 1.1.6 has Incorrect Access Control. | ||||
| CVE-2019-12241 | 1 Carts.guru | 1 Carts Guru | 2024-11-21 | N/A |
| The Carts Guru plugin 1.4.5 for WordPress allows Insecure Deserialization via a cartsguru-source cookie to classes/wc-cartsguru-event-handler.php. | ||||
| CVE-2019-12240 | 1 Virim Project | 1 Virim | 2024-11-21 | N/A |
| The Virim plugin 0.4 for WordPress allows Insecure Deserialization via s_values, t_values, or c_values in graph.php. | ||||
| CVE-2019-12239 | 1 Wpbookingsystem | 1 Wp Booking System | 2024-11-21 | 7.2 High |
| The WP Booking System plugin 1.5.1 for WordPress has no CSRF protection, which allows attackers to reach certain SQL injection issues that require administrative access. | ||||
| CVE-2019-12223 | 1 Hanwha-security | 6 Srn-1673s, Srn-1673s Firmware, Srn-472s and 3 more | 2024-11-21 | N/A |
| An issue was discovered in NVR WebViewer on Hanwha Techwin SRN-472s 1.07_190502 devices, and other SRN-x devices before 2019-05-03. A system crash and reboot can be achieved by submitting a long username in excess of 117 characters. The username triggers a buffer overflow in the main process controlling operation of the DVR system, rendering services unavailable during the reboot operation. A repeated attack affects availability as long as the attacker has network access to the device. | ||||
| CVE-2019-12222 | 1 Libsdl | 1 Simple Directmedia Layer | 2024-11-21 | N/A |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9. There is an out-of-bounds read in the function SDL_InvalidateMap at video/SDL_pixels.c. | ||||
| CVE-2019-12221 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. | ||||
| CVE-2019-12220 | 1 Libsdl | 2 Sdl2 Image, Simple Directmedia Layer | 2024-11-21 | N/A |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c. | ||||
| CVE-2019-12219 | 1 Libsdl | 2 Sdl2 Image, Simple Directmedia Layer | 2024-11-21 | N/A |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c. | ||||
| CVE-2019-12218 | 1 Libsdl | 2 Sdl2 Image, Simple Directmedia Layer | 2024-11-21 | N/A |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. | ||||
| CVE-2019-12217 | 1 Libsdl | 2 Sdl2 Image, Simple Directmedia Layer | 2024-11-21 | N/A |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c. | ||||
| CVE-2019-12216 | 4 Canonical, Debian, Fedoraproject and 1 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. | ||||
| CVE-2019-12215 | 1 Matomo | 1 Matomo | 2024-11-21 | N/A |
| A full path disclosure vulnerability was discovered in Matomo v3.9.1 where a user can trigger a particular error to discover the full path of Matomo on the disk, because lastError.file is used in plugins/CorePluginsAdmin/templates/safemode.twig. NOTE: the vendor disputes the significance of this issue, stating "avoid reporting path disclosures, as we don't consider them as security vulnerabilities." | ||||
| CVE-2019-12214 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | N/A |
| In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data. | ||||
| CVE-2019-12213 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.5 Medium |
| When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. | ||||