Search Results (10590 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20815 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 7.5 High |
| An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing. | ||||
| CVE-2019-20634 | 1 Proofpoint | 1 Email Protection | 2024-11-21 | 3.7 Low |
| An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails. | ||||
| CVE-2019-20627 | 1 Rbsoft | 1 Autoupdater.net | 2024-11-21 | 9.8 Critical |
| AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | ||||
| CVE-2019-20479 | 5 Debian, Fedoraproject, Openidc and 2 more | 5 Debian Linux, Fedora, Mod Auth Openidc and 2 more | 2024-11-21 | 6.1 Medium |
| A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. | ||||
| CVE-2019-20430 | 1 Lustre | 1 Lustre | 2024-11-21 | 7.5 High |
| In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client. | ||||
| CVE-2019-20395 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash. | ||||
| CVE-2019-20334 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291. | ||||
| CVE-2019-20225 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.1 Medium |
| MyBB before 1.8.22 allows an open redirect on login. | ||||
| CVE-2019-20209 | 1 Cththemes | 3 Citybook, Easybook, Townhub | 2024-11-21 | 7.5 High |
| The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Insecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing. | ||||
| CVE-2019-20198 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 6.5 Medium |
| An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. | ||||
| CVE-2019-20191 | 1 Sync | 3 Oxygen Xml Author, Oxygen Xml Developer, Oxygen Xml Editor | 2024-11-21 | 7.5 High |
| Oxygen XML Editor 21.1.1 allows XXE to read any file. | ||||
| CVE-2019-20153 | 1 Determine | 1 Contract Lifecycle Management | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Determine (formerly Selectica) Contract Lifecycle Management (CLM) in v5.4. An XML external entity (XXE) vulnerability in the upload definition feature in definition_upload_attach.jsp allows authenticated remote attackers to read arbitrary files (including configuration files containing administrative credentials). | ||||
| CVE-2019-20149 | 2 Kind-of Project, Redhat | 2 Kind-of, Acm | 2024-11-21 | 7.5 High |
| ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. | ||||
| CVE-2019-20063 | 1 Symonics | 1 Libmysofa | 2024-11-21 | 8.8 High |
| hdf/dataobject.c in libmysofa before 0.8 has an uninitialized use of memory, as demonstrated by mysofa2json. | ||||
| CVE-2019-20056 | 1 Nothings | 1 Stb Image.h | 2024-11-21 | 6.5 Medium |
| stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has an assertion failure in stbi__shiftsigned. | ||||
| CVE-2019-20022 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 6.5 Medium |
| An invalid memory address dereference was discovered in load_pnm in frompnm.c in libsixel before 1.8.3. | ||||
| CVE-2019-20004 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. | ||||
| CVE-2019-1903 | 1 Cisco | 1 Security Manager | 2024-11-21 | N/A |
| A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information or cause a denial of service (DoS) condition. The vulnerability is due to improper restrictions on XML entities. An attacker could exploit this vulnerability by sending malicious requests to a targeted system that contain references within XML entities. An exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a DoS condition. | ||||
| CVE-2019-1848 | 1 Cisco | 1 Digital Network Architecture Center | 2024-11-21 | N/A |
| A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access. | ||||
| CVE-2019-1840 | 1 Cisco | 1 Prime Network Registrar | 2024-11-21 | N/A |
| A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when a custom extension attempts to change a DHCPv6 packet received by the application. An attacker could exploit this vulnerability by sending malformed DHCPv6 packets to the application. An exploit could allow the attacker to trigger a restart of the service which, if exploited repeatedly, might lead to a DoS condition. This vulnerability can only be exploited if the administrator of the server has previously installed custom extensions that attempt to modify the packet details before the packet has been processed. Note: Although the CVSS score matches a High SIR, this has been lowered to Medium because this condition will only affect an application that has customer-developed extensions that will attempt to modify packet parameters before the packet has been completely sanitized. If packet modification in a custom extension happens after the packet has been sanitized, the application will not be affected by this vulnerability. Software versions prior to 8.3(7) and 9.1(2) are affected. | ||||