Search Results (361549 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12382 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | N/A |
| An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: The vendor disputes this issue as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. | ||||
| CVE-2019-12381 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL | ||||
| CVE-2019-12380 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| **DISPUTED** An issue was discovered in the efi subsystem in the Linux kernel through 5.1.5. phys_efi_set_virtual_address_map in arch/x86/platform/efi/efi.c and efi_call_phys_prolog in arch/x86/platform/efi/efi_64.c mishandle memory allocation failures. NOTE: This id is disputed as not being an issue because “All the code touched by the referenced commit runs only at boot, before any user processes are started. Therefore, there is no possibility for an unprivileged user to control it.”. | ||||
| CVE-2019-12379 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc. NOTE: This id is disputed as not being an issue | ||||
| CVE-2019-12378 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A |
| An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue | ||||
| CVE-2019-12377 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | N/A |
| A vulnerable upl/async_upload.asp web API endpoint in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 allows arbitrary file upload, which may lead to arbitrary remote code execution. | ||||
| CVE-2019-12376 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | N/A |
| Use of a hard-coded encryption key in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to full managed endpoint compromise by an authenticated user with read privileges. | ||||
| CVE-2019-12375 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | N/A |
| Open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote information disclosure and arbitrary code execution. | ||||
| CVE-2019-12374 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | N/A |
| A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll. | ||||
| CVE-2019-12373 | 1 Ivanti | 1 Landesk Management Suite | 2024-11-21 | N/A |
| Improper access control and open directories in Ivanti LANDESK Management Suite (LDMS, aka Endpoint Manager) 10.0.1.168 Service Update 5 may lead to remote disclosure of administrator passwords. | ||||
| CVE-2019-12372 | 1 Petraware | 1 Ptransformer Adc | 2024-11-21 | N/A |
| Petraware pTransformer ADC before 2.1.7.22827 allows SQL Injection via the User ID parameter to the login form. | ||||
| CVE-2019-12370 | 1 Readdle | 1 Spark | 2024-11-21 | 6.1 Medium |
| The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12369 | 1 Typeapp | 1 Typeapp | 2024-11-21 | 6.1 Medium |
| The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12368 | 1 Edison | 1 Edison Mail | 2024-11-21 | 6.1 Medium |
| The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12367 | 1 Blixhq | 1 Bluemail | 2024-11-21 | 6.1 Medium |
| The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12366 | 1 9folders | 1 Nine | 2024-11-21 | 6.1 Medium |
| The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12365 | 1 Cloudmagic | 1 Newton | 2024-11-21 | 6.1 Medium |
| The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission. | ||||
| CVE-2019-12363 | 1 Mybb-2fa Project | 1 Mybb-2fa | 2024-11-21 | N/A |
| A CSRF issue was discovered in the JN-Jones MyBB-2FA plugin through 2014-11-05 for MyBB. An attacker can forge a request to an installed mybb2fa plugin to control its state via usercp.php?action=mybb2fa&do=deactivate (or usercp.php?action=mybb2fa&do=activate). A deactivate operation lowers the security of the targeted account by disabling two-factor authentication. | ||||
| CVE-2019-12362 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| EmpireCMS 7.5.0 has XSS via the HTTP Referer header to e/member/doaction.php. | ||||
| CVE-2019-12361 | 1 Phome | 1 Empirecms | 2024-11-21 | N/A |
| EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page. | ||||