Export limit exceeded: 359534 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359534 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1010220 | 1 Tcpdump | 1 Tcpdump | 2024-11-21 | N/A |
| tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". The attack vector is: The victim must open a specially crafted pcap file. | ||||
| CVE-2019-1010218 | 1 Cherokee-project | 1 Cherokee Web Server | 2024-11-21 | 7.5 High |
| Cherokee Webserver Latest Cherokee Web server Upto Version 1.2.103 (Current stable) is affected by: Buffer Overflow - CWE-120. The impact is: Crash. The component is: Main cherokee command. The attack vector is: Overwrite argv[0] to an insane length with execl. The fixed version is: There's no fix yet. | ||||
| CVE-2019-1010209 | 1 Gorul | 1 Gourl | 2024-11-21 | N/A |
| GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unzuthorized Attacker can upload executable file in website. The component is: gourl.php#L5637. The fixed version is: 1.4.14. | ||||
| CVE-2019-1010208 | 1 Idrix | 2 Truecrypt, Veracrypt | 2024-11-21 | N/A |
| IDRIX, Truecrypt Veracrypt, Truecrypt Prior to 1.23-Hotfix-1 (Veracrypt), all versions (Truecrypt) is affected by: Buffer Overflow. The impact is: Minor information disclosure of kernel stack. The component is: Veracrypt NT Driver (veracrypt.sys). The attack vector is: Locally executed code, IOCTL request to driver. The fixed version is: 1.23-Hotfix-1. | ||||
| CVE-2019-1010207 | 1 Genetechsolutions | 1 Pie Register | 2024-11-21 | N/A |
| Genetechsolutions Pie Register 3.0.15 is affected by: Cross Site Scripting (XSS). The impact is: Stealing of session cookies. The component is: File: Login. Parameters: interim-login, wp-lang, and supplied URL. The attack vector is: If a victim clicks a malicious link, the attacker can steal his/her account. The fixed version is: 3.0.16. | ||||
| CVE-2019-1010206 | 1 Http Request Project | 1 Http Request | 2024-11-21 | 5.9 Medium |
| OSS Http Request (Apache Cordova Plugin) 6 is affected by: Missing SSL certificate validation. The impact is: certificate spoofing. The component is: use this library when https communication. The attack vector is: certificate spoofing. | ||||
| CVE-2019-1010205 | 1 Linagora | 1 Hublin | 2024-11-21 | N/A |
| LINAGORA hublin latest (commit 72ead897082403126bf8df9264e70f0a9de247ff) is affected by: Directory Traversal. The impact is: The vulnerability allows an attacker to access any file (with a fixed extension) on the server. The component is: A web-view renderer; details here: https://lgtm.com/projects/g/linagora/hublin/snapshot/af9f1ce253b4ee923ff8da8f9d908d02a8e95b7f/files/backend/webserver/views.js?sort=name&dir=ASC&mode=heatmap&showExcluded=false#xb24eb0101d2aec21:1. The attack vector is: Attacker sends a specially crafted HTTP request. | ||||
| CVE-2019-1010204 | 3 Gnu, Netapp, Redhat | 5 Binutils, Binutils Gold, Hci Management Node and 2 more | 2024-11-21 | 5.5 Medium |
| GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The impact is: Denial of service. The component is: gold/fileread.cc:497, elfcpp/elfcpp_file.h:644. The attack vector is: An ELF file with an invalid e_shoff header field must be opened. | ||||
| CVE-2019-1010202 | 1 Jeesite | 1 Jeesite | 2024-11-21 | N/A |
| Jeesite 1.2.7 is affected by: XML External Entity (XXE). The impact is: sensitive information disclosure. The component is: convertToModel() function in src/main/java/com.thinkgem.jeesite/modules/act/service/ActProcessService.java. The attack vector is: network connectivity,authenticated,must upload a specially crafted xml file. The fixed version is: 4.0 and later. | ||||
| CVE-2019-1010201 | 1 Jeesite | 1 Jeesite | 2024-11-21 | N/A |
| Jeesite 1.2.7 is affected by: SQL Injection. The impact is: sensitive information disclosure. The component is: updateProcInsIdByBusinessId() function in src/main/java/com.thinkgem.jeesite/modules/act/ActDao.java has SQL Injection vulnerability. The attack vector is: network connectivity,authenticated. The fixed version is: 4.0 and later. | ||||
| CVE-2019-1010200 | 1 Google | 1 Voice Builder | 2024-11-21 | N/A |
| Voice Builder Prior to commit c145d4604df67e6fc625992412eef0bf9a85e26b and f6660e6d8f0d1d931359d591dbdec580fef36d36 is affected by: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). The impact is: Remote code execution with the same privileges as the servers. The component is: Two web servers in the projects expose three vulnerable endpoints that can be accessed remotely. The endpoints are defined at: - /tts: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/merlin_model_server/api.js#L34 - /alignment: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/festival_model_server/api.js#L28 - /tts: https://github.com/google/voice-builder/blob/3a449a3e8d5100ff323161c89b897f6d5ccdb6f9/festival_model_server/api.js#L65. The attack vector is: Attacker sends a GET request to the vulnerable endpoint with a specially formatted query parameter. The fixed version is: After commit f6660e6d8f0d1d931359d591dbdec580fef36d36. | ||||
| CVE-2019-1010199 | 1 Servicestack | 1 Servicestack | 2024-11-21 | N/A |
| ServiceStack ServiceStack Framework 4.5.14 is affected by: Cross Site Scripting (XSS). The impact is: JavaScrpit is reflected in the server response, hence executed by the browser. The component is: the query used in the GET request is prone. The attack vector is: Since there is no server-side validation and If Browser encoding is bypassed, the victim is affected when opening a crafted URL. The fixed version is: 5.2.0. | ||||
| CVE-2019-1010193 | 1 Hisiphp | 1 Hisiphp | 2024-11-21 | N/A |
| hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS). | ||||
| CVE-2019-1010191 | 1 Marginalia Project | 1 Marginalia | 2024-11-21 | N/A |
| marginalia < 1.6 is affected by: SQL Injection. The impact is: The impact is a injection of any SQL queries when a user controller argument is added as a component. The component is: Affects users that add a component that is user controller, for instance a parameter or a header. The attack vector is: Hacker inputs a SQL to a vulnerable vector(header, http parameter, etc). The fixed version is: 1.6. | ||||
| CVE-2019-1010190 | 1 Mgetty Project | 1 Mgetty | 2024-11-21 | 5.6 Medium |
| mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan() in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1. | ||||
| CVE-2019-1010189 | 1 Mgetty Project | 1 Mgetty | 2024-11-21 | N/A |
| mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1. | ||||
| CVE-2019-1010183 | 1 Serde-yaml Project | 1 Serde-yaml | 2024-11-21 | N/A |
| serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later. | ||||
| CVE-2019-1010182 | 1 Yaml-rust Project | 1 Yaml-rust | 2024-11-21 | N/A |
| yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later. | ||||
| CVE-2019-1010180 | 3 Gnu, Opensuse, Redhat | 3 Gdb, Leap, Enterprise Linux | 2024-11-21 | 7.8 High |
| GNU gdb All versions is affected by: Buffer Overflow - Out of bound memory access. The impact is: Deny of Service, Memory Disclosure, and Possible Code Execution. The component is: The main gdb module. The attack vector is: Open an ELF for debugging. The fixed version is: Not fixed yet. | ||||
| CVE-2019-1010179 | 1 Phkp Project | 1 Phkp | 2024-11-21 | N/A |
| PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). The impact is: It is possible to manipulate gpg-keys or execute commands remotely. The component is: function pgp_exec() phkp.php:98. The attack vector is: HKP-Api: /pks/lookup?search. | ||||