Export limit exceeded: 10048 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10048 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-2050 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In tearDownClientInterface of WificondControl.java, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9 Android ID: A-121327323 | ||||
| CVE-2019-2025 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In binder_thread_read of binder.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-116855682References: Upstream kernel | ||||
| CVE-2019-25155 | 1 Cure53 | 1 Dompurify | 2024-11-21 | 6.1 Medium |
| DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute. | ||||
| CVE-2019-25041 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
| CVE-2019-25037 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
| CVE-2019-25036 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
| CVE-2019-20925 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 7.5 High |
| An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24. | ||||
| CVE-2019-20901 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 6.1 Medium |
| The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter. | ||||
| CVE-2019-20853 | 1 Mattermost | 1 Mattermost Packages | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem. | ||||
| CVE-2019-20819 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2024-11-21 | 7.5 High |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.7. It allows stack consumption via nested function calls for XML parsing. | ||||
| CVE-2019-20815 | 1 Foxitsoftware | 1 Phantompdf | 2024-11-21 | 7.5 High |
| An issue was discovered in Foxit PhantomPDF before 8.3.12. It allows stack consumption via nested function calls for XML parsing. | ||||
| CVE-2019-20634 | 1 Proofpoint | 1 Email Protection | 2024-11-21 | 3.7 Low |
| An issue was discovered in Proofpoint Email Protection through 2019-09-08. By collecting scores from Proofpoint email headers, it is possible to build a copy-cat Machine Learning Classification model and extract insights from this model. The insights gathered allow an attacker to craft emails that receive preferable scores, with a goal of delivering malicious emails. | ||||
| CVE-2019-20627 | 1 Rbsoft | 1 Autoupdater.net | 2024-11-21 | 9.8 Critical |
| AutoUpdater.cs in AutoUpdater.NET before 1.5.8 allows XXE. | ||||
| CVE-2019-20479 | 5 Debian, Fedoraproject, Openidc and 2 more | 5 Debian Linux, Fedora, Mod Auth Openidc and 2 more | 2024-11-21 | 6.1 Medium |
| A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. | ||||
| CVE-2019-20430 | 1 Lustre | 1 Lustre | 2024-11-21 | 7.5 High |
| In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client. | ||||
| CVE-2019-20395 | 2 Cesnet, Redhat | 2 Libyang, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash. | ||||
| CVE-2019-20334 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291. | ||||
| CVE-2019-20225 | 1 Mybb | 1 Mybb | 2024-11-21 | 6.1 Medium |
| MyBB before 1.8.22 allows an open redirect on login. | ||||
| CVE-2019-20209 | 1 Cththemes | 3 Citybook, Easybook, Townhub | 2024-11-21 | 7.5 High |
| The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing. | ||||
| CVE-2019-20198 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 6.5 Medium |
| An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. | ||||