Export limit exceeded: 15147 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15147 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11683 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 9.8 Critical |
| udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue. | ||||
| CVE-2019-11618 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php. | ||||
| CVE-2019-11577 | 1 Dhcpcd Project | 1 Dhcpcd | 2024-11-21 | N/A |
| dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses. | ||||
| CVE-2019-11547 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.1 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. | ||||
| CVE-2019-11493 | 1 Verypdf | 1 Verypdf | 2024-11-21 | N/A |
| VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pdfocx!CxImageTIF::operator in pdfocx.ocx (used by pdfeditor.exe and pdfcmd.exe) is mishandled. | ||||
| CVE-2019-11467 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 7.5 High |
| In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input. | ||||
| CVE-2019-11418 | 1 Trendnet | 2 Tew-632brp, Tew-632brp Firmware | 2024-11-21 | N/A |
| apply.cgi on the TRENDnet TEW-632BRP 1.010B32 router has a buffer overflow via long strings to the SOAPACTION:HNAP1 interface. | ||||
| CVE-2019-11400 | 1 Trendnet | 6 Tew-651br, Tew-651br Firmware, Tew-652brp and 3 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices. A buffer overflow occurs through the get_set.ccp ccp_act parameter. | ||||
| CVE-2019-11356 | 5 Canonical, Cyrus, Debian and 2 more | 8 Ubuntu Linux, Imap, Debian Linux and 5 more | 2024-11-21 | 9.8 Critical |
| The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. | ||||
| CVE-2019-11325 | 1 Sensiolabs | 1 Symfony | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter. | ||||
| CVE-2019-11268 | 1 Pivotal Software | 1 Cloud Foundry Uaa-release | 2024-11-21 | 4.3 Medium |
| Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones. | ||||
| CVE-2019-11236 | 2 Python, Redhat | 4 Urllib3, Ansible Tower, Enterprise Linux and 1 more | 2024-11-21 | N/A |
| In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. | ||||
| CVE-2019-11127 | 1 Intel | 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more | 2024-11-21 | N/A |
| Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | ||||
| CVE-2019-11126 | 1 Intel | 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more | 2024-11-21 | N/A |
| Pointer corruption in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | ||||
| CVE-2019-11113 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-11-21 | 4.4 Medium |
| Buffer overflow in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077) may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2019-11059 | 1 Denx | 1 U-boot | 2024-11-21 | N/A |
| Das U-Boot 2016.11-rc1 through 2019.04 mishandles the ext4 64-bit extension, resulting in a buffer overflow. | ||||
| CVE-2019-10993 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
| In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. | ||||
| CVE-2019-10978 | 1 Redlion | 1 Crimson | 2024-11-21 | 7.8 High |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area. | ||||
| CVE-2019-10655 | 1 Grandstream | 10 Gac2500, Gac2500 Firmware, Gvc3202 and 7 more | 2024-11-21 | 9.8 Critical |
| Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited remotely or via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd. | ||||
| CVE-2019-10627 | 2 Hp, Qualcomm | 83 2dr21d, 2dr21d Firmware, D3q15a and 80 more | 2024-11-21 | 9.8 Critical |
| Integer overflow to buffer overflow vulnerability in PostScript image handling code used by the PostScript- and PDF-compatible interpreters due to incorrect buffer size calculation. in PostScript and PDF printers that use IPS versions prior to 2019.2 in PostScript and PDF printers that use IPS versions prior to 2019.2 | ||||