Search Results (75903 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20394 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2024-11-21 | 8.8 High |
| A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement is used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. | ||||
| CVE-2019-20393 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2024-11-21 | 8.8 High |
| A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. | ||||
| CVE-2019-20390 | 1 Intelliants | 1 Subrion | 2024-11-21 | 8.1 High |
| A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim. | ||||
| CVE-2019-20387 | 3 Debian, Opensuse, Redhat | 3 Debian Linux, Libsolv, Enterprise Linux | 2024-11-21 | 7.5 High |
| repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema. | ||||
| CVE-2019-20385 | 1 Logaritmo | 1 Aware Callmanager | 2024-11-21 | 8.8 High |
| The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/* content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI. | ||||
| CVE-2019-20383 | 1 Abbyy | 1 Finereader | 2024-11-21 | 7.8 High |
| ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links. | ||||
| CVE-2019-20373 | 2 Debian, Ltsp | 2 Debian Linux, Ldm | 2024-11-21 | 7.8 High |
| LTSP LDM through 2.18.06 allows fat-client root access because the LDM_USERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script. | ||||
| CVE-2019-20362 | 2 Microsoft, Teradici | 4 Windows, Pcoip Client, Pcoip Graphics Agent and 1 more | 2024-11-21 | 7.8 High |
| In Teradici PCoIP Agent before 19.08.1 and PCoIP Client before 19.08.3, an unquoted service path can cause execution of %PROGRAMFILES(X86)%\Teradici\PCoIP.exe instead of the intended pcoip_vchan_printing_svc.exe file. | ||||
| CVE-2019-20360 | 1 Givewp | 1 Givewp | 2024-11-21 | 7.5 High |
| A flaw in Give before 2.5.5, a WordPress plugin, allowed unauthenticated users to bypass API authentication methods and access personally identifiable user information (PII) including names, addresses, IP addresses, and email addresses. Once an API key has been set to any meta key value from the wp_usermeta table, and the token is set to the corresponding MD5 hash of the meta key selected, one can make a request to the restricted endpoints, and thus access sensitive donor data. | ||||
| CVE-2019-20358 | 2 Microsoft, Trendmicro | 2 Windows, Anti-threat Toolkit | 2024-11-21 | 7.8 High |
| Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed. Another attack vector similar to CVE-2019-9491 was identified and resolved in version 1.62.0.1228 of the tool. | ||||
| CVE-2019-20357 | 2 Microsoft, Trendmicro | 9 Windows, Antivirus + Security 2019, Antivirus + Security 2020 and 6 more | 2024-11-21 | 7.8 High |
| A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer family of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system. | ||||
| CVE-2019-20352 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 7.1 High |
| In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occurs (via a crafted .asm file) in set_text_free when called from expand_one_smacro in asm/preproc.c. | ||||
| CVE-2019-20337 | 1 Advanced Real Estate Script Project | 1 Advanced Real Estate Script | 2024-11-21 | 7.2 High |
| In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulnerable to SQL Injection. | ||||
| CVE-2019-20329 | 1 Openlambda Project | 1 Openlambda | 2024-11-21 | 8.1 High |
| OpenLambda 2019-09-10 allows DNS rebinding attacks against the OL server for the REST API on TCP port 5000. | ||||
| CVE-2019-20327 | 1 Centreon | 1 Centreon | 2024-11-21 | 7.8 High |
| Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. (cwrapper_perl is a setuid executable allowing execution of Perl scripts with root privileges.) | ||||
| CVE-2019-20326 | 3 Debian, Gnome, Linuxmint | 3 Debian Linux, Gthumb, Pix | 2024-11-21 | 7.8 High |
| A heap-based buffer overflow in _cairo_image_surface_create_from_jpeg() in extensions/cairo_io/cairo-image-surface-jpeg.c in GNOME gThumb before 3.8.3 and Linux Mint Pix before 2.4.5 allows attackers to cause a crash and potentially execute arbitrary code via a crafted JPEG file. | ||||
| CVE-2019-20224 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 8.8 High |
| netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742. | ||||
| CVE-2019-20219 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 8.8 High |
| ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. | ||||
| CVE-2019-20218 | 5 Canonical, Debian, Oracle and 2 more | 5 Ubuntu Linux, Debian Linux, Mysql Workbench and 2 more | 2024-11-21 | 7.5 High |
| selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack unwinding even after a parsing error. | ||||
| CVE-2019-20213 | 1 Dlink | 28 Dir-818lx, Dir-818lx Firmware, Dir-822 and 25 more | 2024-11-21 | 7.5 High |
| D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Information Disclosure via the AUTHORIZED_GROUP=1%0a value, as demonstrated by vpnconfig.php. | ||||