Search Results (10373 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1409 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 5.5 Medium |
| An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'. | ||||
| CVE-2019-1299 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2019 | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists when Microsoft Edge based on Edge HTML improperly handles objects in memory, aka 'Microsoft Edge based on Edge HTML Information Disclosure Vulnerability'. | ||||
| CVE-2019-1274 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 5.5 Medium |
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. | ||||
| CVE-2019-1075 | 1 Microsoft | 1 Asp.net Core | 2024-11-21 | N/A |
| A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect, aka 'ASP.NET Core Spoofing Vulnerability'. | ||||
| CVE-2019-1060 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'. | ||||
| CVE-2019-19998 | 1 Xiuno | 1 Xiunobbs | 2024-11-21 | 7.5 High |
| Xiuno BBS 4.0 allows XXE via plugin/xn_wechat_public/route/token.php. | ||||
| CVE-2019-19959 | 3 Canonical, Redhat, Sqlite | 3 Ubuntu Linux, Enterprise Linux, Sqlite | 2024-11-21 | 7.5 High |
| ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by (for example) valgrind. | ||||
| CVE-2019-19958 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 6.5 Medium |
| In libIEC61850 1.4.0, StringUtils_createStringFromBuffer in common/string_utilities.c has an integer signedness issue that could lead to an attempted excessive memory allocation and denial of service. | ||||
| CVE-2019-19946 | 1 Dradisframework | 1 Dradis | 2024-11-21 | 6.5 Medium |
| The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. | ||||
| CVE-2019-19945 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 7.5 High |
| uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value. | ||||
| CVE-2019-19866 | 1 Atos | 1 Unify Openscape Uc Web Client | 2024-11-21 | 7.5 High |
| Atos Unify OpenScape UC Web Client V9 before version V9 R4.31.0 and V10 before version V10 R0.6.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs. | ||||
| CVE-2019-19844 | 2 Canonical, Djangoproject | 2 Ubuntu Linux, Django | 2024-11-21 | 9.8 Critical |
| Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address (that is equal to an existing user's email address after case transformation of Unicode characters) would allow an attacker to be sent a password reset token for the matched user account. (One mitigation in the new releases is to send password reset tokens only to the registered user email address.) | ||||
| CVE-2019-19775 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 6.1 Medium |
| The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. | ||||
| CVE-2019-19758 | 1 Lenovo | 4 Ez Media & Backup Center Ix2, Ez Media & Backup Center Ix2-dl, Ez Media & Backup Center Ix2-dl Firmware and 1 more | 2024-11-21 | 6.1 Medium |
| A vulnerability in the web interface of Lenovo EZ Media & Backup Center, ix2 & ix2-dl version 4.1.406.34763 and prior could allow an unauthenticated, remote attacker to redirect a user to an untrusted web page. | ||||
| CVE-2019-19755 | 1 Ethos | 1 Ethos | 2024-11-21 | 9.1 Critical |
| ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to fix this. | ||||
| CVE-2019-19729 | 1 Bson-objectid Project | 1 Bson-objectid | 2024-11-21 | 7.5 High |
| An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectID in the user-input object. As a result, objects in arbitrary forms can bypass formatting if they have a valid bsontype. | ||||
| CVE-2019-19725 | 3 Canonical, Debian, Sysstat Project | 3 Ubuntu Linux, Debian Linux, Sysstat | 2024-11-21 | 9.8 Critical |
| sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | ||||
| CVE-2019-19709 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 6.1 Medium |
| MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page. | ||||
| CVE-2019-19703 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 6.1 Medium |
| In Ktor through 1.2.6, the client resends data from the HTTP Authorization header to a redirect location. | ||||
| CVE-2019-19702 | 1 Modoboa | 1 Modoboa-dmarc | 2024-11-21 | 7.5 High |
| The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML documents that are emailed to the address in the rua field of the DMARC records of a domain. | ||||