Export limit exceeded: 10057 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10057 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-0221 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access.Product: AndroidVersions: Android kernelAndroid ID: A-135772851 | ||||
| CVE-2020-0210 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In removeSharedAccountAsUser of AccountManager.java, there is a possible permissions bypass to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145206763 | ||||
| CVE-2020-0022 | 2 Google, Huawei | 43 Android, Honor 8a, Honor 8a Firmware and 40 more | 2024-11-21 | 8.8 High |
| In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-143894715 | ||||
| CVE-2019-9946 | 4 Cncf, Kubernetes, Netapp and 1 more | 5 Portmap, Kubernetes, Cloud Insights and 2 more | 2024-11-21 | N/A |
| Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. | ||||
| CVE-2019-9938 | 1 Ushareit | 1 Shareit | 2024-11-21 | N/A |
| The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network or joining public "open" Wi-Fi hotspots created by the application when file transfer is initiated) to download arbitrary files from the device including contacts, photos, videos, sound clips, etc. The attacker must be authenticated as a "recognized device." | ||||
| CVE-2019-9921 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 6.5 Medium |
| An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to read information that should only be accessible by a different user. | ||||
| CVE-2019-9915 | 1 Get-simple. | 1 Getsimplecms | 2024-11-21 | N/A |
| GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter. | ||||
| CVE-2019-9904 | 1 Graphviz | 1 Graphviz | 2024-11-21 | 6.5 Medium |
| An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c. | ||||
| CVE-2019-9843 | 1 Diffplug | 2 Gradle, Maven | 2024-11-21 | N/A |
| In DiffPlug Spotless before 1.20.0 (library and Maven plugin) and before 3.20.0 (Gradle plugin), the XML parser would resolve external entities over both HTTP and HTTPS and didn't respect the resolveExternalEntities setting. For example, this allows disclosure of file contents to a MITM attacker if a victim performs a spotlessApply operation on an untrusted XML file. | ||||
| CVE-2019-9837 | 1 Openid | 1 Openid Connect | 2024-11-21 | N/A |
| Doorkeeper::OpenidConnect (aka the OpenID Connect extension for Doorkeeper) 1.4.x and 1.5.x before 1.5.4 has an open redirect via the redirect_uri field in an OAuth authorization request (that results in an error response) with the 'openid' scope and a prompt=none value. This allows phishing attacks against the authorization flow. | ||||
| CVE-2019-9827 | 2 Hawt, Redhat | 4 Hawtio, Amq Broker, Jboss Amq and 1 more | 2024-11-21 | N/A |
| Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI. | ||||
| CVE-2019-9795 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2024-11-21 | N/A |
| A vulnerability where type-confusion in the IonMonkey just-in-time (JIT) compiler could potentially be used by malicious JavaScript to trigger a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. | ||||
| CVE-2019-9761 | 1 Phpshe | 1 Phpshe | 2024-11-21 | N/A |
| An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechat_getxml in include/plugin/payment/wechat/notify_url.php. | ||||
| CVE-2019-9757 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 7.5 High |
| An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. | ||||
| CVE-2019-9756 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A |
| An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and 11.x before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control, a different vulnerability than CVE-2019-9732. | ||||
| CVE-2019-9749 | 1 Treasuredata | 1 Fluent Bit | 2024-11-21 | 7.5 High |
| An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal. | ||||
| CVE-2019-9658 | 3 Checkstyle, Debian, Fedoraproject | 3 Checkstyle, Debian Linux, Fedora | 2024-11-21 | N/A |
| Checkstyle before 8.18 loads external DTDs by default. | ||||
| CVE-2019-9641 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. | ||||
| CVE-2019-9639 | 6 Canonical, Debian, Netapp and 3 more | 8 Ubuntu Linux, Debian Linux, Storage Automation Store and 5 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable. | ||||
| CVE-2019-9638 | 6 Canonical, Debian, Netapp and 3 more | 8 Ubuntu Linux, Debian Linux, Storage Automation Store and 5 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. | ||||