Search Results (19321 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12211 | 2 Canonical, Freeimage Project | 2 Ubuntu Linux, Freeimage | 2024-11-21 | 7.5 High |
| When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow. | ||||
| CVE-2019-12208 | 1 F5 | 1 Njs | 2024-11-21 | N/A |
| njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. | ||||
| CVE-2019-12206 | 1 F5 | 1 Njs | 2024-11-21 | N/A |
| njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. | ||||
| CVE-2019-12181 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. | ||||
| CVE-2019-12158 | 1 Gohttp Project | 1 Gohttp | 2024-11-21 | N/A |
| GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension. | ||||
| CVE-2019-12132 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | ||||
| CVE-2019-12123 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 8.8 High |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | ||||
| CVE-2019-12113 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 8.8 High |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | ||||
| CVE-2019-12112 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | ||||
| CVE-2019-12103 | 1 Tp-link | 2 M7350, M7350 Firmware | 2024-11-21 | N/A |
| The web-based configuration interface of the TP-Link M7350 V3 with firmware before 190531 is affected by a pre-authentication command injection vulnerability. | ||||
| CVE-2019-12091 | 1 Netskope | 1 Netskope | 2024-11-21 | 7.8 High |
| The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege. | ||||
| CVE-2019-12083 | 3 Fedoraproject, Opensuse, Rust-lang | 3 Fedora, Leap, Rust | 2024-11-21 | 8.1 High |
| The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. | ||||
| CVE-2019-11957 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | N/A |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | ||||
| CVE-2019-11933 | 2 Libpl Droidsonroids Gif Project, Whatsapp | 2 Libpl Droidsonroids Gif, Whatsapp | 2024-11-21 | 9.8 Critical |
| A heap buffer overflow bug in libpl_droidsonroids_gif before 1.2.19, as used in WhatsApp for Android before version 2.19.291 could allow remote attackers to execute arbitrary code or cause a denial of service. | ||||
| CVE-2019-11931 | 1 Whatsapp | 3 Whatsapp, Whatsapp Business, Whatsapp Enterprise Client | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100. | ||||
| CVE-2019-11921 | 1 Facebook | 1 Proxygen | 2024-11-21 | N/A |
| An out of bounds write is possible via a specially crafted packet in certain configurations of Proxygen due to improper handling of Base64 when parsing malformed binary content in Structured HTTP Headers. This issue affects versions of proxygen prior to v2019.07.22.00. | ||||
| CVE-2019-11873 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 9.8 Critical |
| wolfSSL 4.0.0 has a Buffer Overflow in DoPreSharedKeys in tls13.c when a current identity size is greater than a client identity size. An attacker sends a crafted hello client packet over the network to a TLSv1.3 wolfSSL server. The length fields of the packet: record length, client hello length, total extensions length, PSK extension length, total identity length, and identity length contain their maximum value which is 2^16. The identity data field of the PSK extension of the packet contains the attack data, to be stored in the undefined memory (RAM) of the server. The size of the data is about 65 kB. Possibly the attacker can perform a remote code execution attack. | ||||
| CVE-2019-11868 | 1 Softether | 1 See.sys | 2024-11-21 | 7.8 High |
| See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written. | ||||
| CVE-2019-11850 | 1 Sierrawireless | 7 Airlink Lx40, Airlink Lx60, Airlink Mp70 and 4 more | 2024-11-21 | 6.3 Medium |
| A stack overflow vulnerability exists in the AT command interface of ALEOS before 4.11.0. The vulnerability may allow code execution. | ||||
| CVE-2019-11849 | 1 Sierrawireless | 7 Airlink Lx40, Airlink Lx60, Airlink Mp70 and 4 more | 2024-11-21 | 6.3 Medium |
| A stack overflow vulnerability exists in the AT command APIs of ALEOS before 4.11.0. The vulnerability may allow code execution. | ||||