Export limit exceeded: 345182 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43044 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3802 | 2 Pivotal Software, Redhat | 2 Spring Data Java Persistance Api, Jboss Fuse | 2024-11-21 | 5.3 Medium |
| This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied. | ||||
| CVE-2019-3794 | 1 Pivotal Software | 1 Cloud Foundry Uaa | 2024-11-21 | 5.4 Medium |
| Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites. | ||||
| CVE-2019-3783 | 1 Cloudfoundry | 1 Stratos | 2024-11-21 | 8.8 High |
| Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. | ||||
| CVE-2019-3729 | 1 Dell | 1 Bsafe Micro-edition-suite | 2024-11-21 | 2.4 Low |
| RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system. | ||||
| CVE-2019-3712 | 1 Dell | 2 Windows Embedded Standard Wyse Device Agent, Wyse Thinlinux Hagent | 2024-11-21 | N/A |
| Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed. | ||||
| CVE-2019-3705 | 1 Dell | 4 Idrac6 Firmware, Idrac7 Firmware, Idrac8 Firmware and 1 more | 2024-11-21 | 9.8 Critical |
| Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system. | ||||
| CVE-2019-3639 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | N/A |
| Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header. | ||||
| CVE-2019-3634 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 5.5 Medium |
| Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory. | ||||
| CVE-2019-3633 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 5.5 Medium |
| Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory. | ||||
| CVE-2019-3598 | 1 Mcafee | 1 Agent | 2024-11-21 | N/A |
| Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets. | ||||
| CVE-2019-3574 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | N/A |
| In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel. | ||||
| CVE-2019-3572 | 1 Libming | 1 Libming | 2024-11-21 | N/A |
| An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. Because this is associated with an erroneous call to png_write_row in libpng, an out-of-bounds write might occur for some memory layouts. | ||||
| CVE-2019-3571 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | N/A |
| An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension. | ||||
| CVE-2019-3570 | 1 Facebook | 1 Hiphop Virtual Machine | 2024-11-21 | 9.8 Critical |
| Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. | ||||
| CVE-2019-3563 | 1 Facebook | 1 Wangle | 2024-11-21 | 9.8 Critical |
| Wangle's LineBasedFrameDecoder contains logic for identifying newlines which incorrectly advances a buffer, leading to a potential underflow. This affects versions of Wangle prior to v2019.04.22.00 | ||||
| CVE-2019-3561 | 1 Facebook | 1 Hhvm | 2024-11-21 | N/A |
| Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory. This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below). | ||||
| CVE-2019-3557 | 1 Facebook | 1 Hhvm | 2024-11-21 | N/A |
| The implementations of streams for bz2 and php://output improperly implemented their readImpl functions, returning -1 consistently. This behavior caused some stream functions, such as stream_get_line, to trigger an out-of-bounds read when operating on such malformed streams. The implementations were updated to return valid values consistently. This affects all supported versions of HHVM (3.30 and 3.27.4 and below). | ||||
| CVE-2019-3554 | 1 Facebook | 1 Wangle | 2024-11-21 | N/A |
| Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00 | ||||
| CVE-2019-3459 | 4 Canonical, Debian, Linux and 1 more | 17 Ubuntu Linux, Debian Linux, Linux Kernel and 14 more | 2024-11-21 | 6.5 Medium |
| A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. | ||||
| CVE-2019-2988 | 6 Canonical, Debian, Netapp and 3 more | 21 Ubuntu Linux, Debian Linux, E-series Santricity Os Controller and 18 more | 2024-11-21 | 3.7 Low |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | ||||