Export limit exceeded: 365161 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 365161 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365161 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19950 | 3 Debian, Graphicsmagick, Opensuse | 4 Debian Linux, Graphicsmagick, Backports and 1 more | 2024-11-21 | 9.8 Critical |
| In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free in ThrowException and ThrowLoggedException of magick/error.c. | ||||
| CVE-2019-19949 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2024-11-21 | 9.1 Critical |
| In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WritePNGImage of coders/png.c, related to Magick_png_write_raw_profile and LocaleNCompare. | ||||
| CVE-2019-19948 | 5 Canonical, Debian, Imagemagick and 2 more | 5 Ubuntu Linux, Debian Linux, Imagemagick and 2 more | 2024-11-21 | 9.8 Critical |
| In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer overflow in the function WriteSGIImage of coders/sgi.c. | ||||
| CVE-2019-19947 | 4 Canonical, Debian, Linux and 1 more | 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more | 2024-11-21 | 4.6 Medium |
| In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c. | ||||
| CVE-2019-19946 | 1 Dradisframework | 1 Dradis | 2024-11-21 | 6.5 Medium |
| The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. | ||||
| CVE-2019-19945 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 7.5 High |
| uhttpd in OpenWrt through 18.06.5 and 19.x through 19.07.0-rc2 has an integer signedness error. This leads to out-of-bounds access to a heap buffer and a subsequent crash. It can be triggered with an HTTP POST request to a CGI script, specifying both "Transfer-Encoding: chunked" and a large negative Content-Length value. | ||||
| CVE-2019-19944 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 6.5 Medium |
| In libIEC61850 1.4.0, BerDecoder_decodeUint32 in mms/asn1/ber_decode.c has an out-of-bounds read, related to intLen and bufPos. | ||||
| CVE-2019-19943 | 1 Pablosoftwaresolutions | 1 Quick \'n Easy Web Server | 2024-11-21 | 7.5 High |
| The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter. It may be possible to achieve remote code execution because of a double free. | ||||
| CVE-2019-19942 | 1 Swisscom | 3 Centro Business, Centro Grande, Centro Grande Firmware | 2024-11-21 | 7.5 High |
| Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests. | ||||
| CVE-2019-19941 | 1 Swisscom | 2 Centro Grande, Centro Grande Firmware | 2024-11-21 | 5.4 Medium |
| Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS. | ||||
| CVE-2019-19940 | 1 Swisscom | 2 Centro Grande, Centro Grande Firmware | 2024-11-21 | 7.2 High |
| Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection. | ||||
| CVE-2019-19937 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 7.2 High |
| In JFrog Artifactory before 6.18, it is not possible to restrict either system or repository imports by any admin user in the enterprise, which can lead to "undesirable results." | ||||
| CVE-2019-19935 | 1 Froala | 1 Froala Editor | 2024-11-21 | 6.1 Medium |
| Froala Editor before 3.2.3 allows XSS. | ||||
| CVE-2019-19931 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 8.8 High |
| In libIEC61850 1.4.0, MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c has a heap-based buffer overflow. | ||||
| CVE-2019-19930 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 6.5 Medium |
| In libIEC61850 1.4.0, MmsValue_newOctetString in mms/iso_mms/common/mms_value.c has an integer signedness error that can lead to an attempted excessive memory allocation. | ||||
| CVE-2019-19929 | 1 Malwarebytes | 1 Adwcleaner | 2024-11-21 | 7.8 High |
| An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner before 8.0.1 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded by the product. | ||||
| CVE-2019-19927 | 2 Linux, Opensuse | 2 Linux Kernel, Leap | 2024-11-21 | 6.0 Medium |
| In the Linux kernel 5.0.0-rc7 (as distributed in ubuntu/linux.git on kernel.ubuntu.com), mounting a crafted f2fs filesystem image and performing some operations can lead to slab-out-of-bounds read access in ttm_put_pages in drivers/gpu/drm/ttm/ttm_page_alloc.c. This is related to the vmwgfx or ttm module. | ||||
| CVE-2019-19926 | 8 Debian, Netapp, Opensuse and 5 more | 13 Debian Linux, Cloud Backup, Backports Sle and 10 more | 2024-11-21 | 7.5 High |
| multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | ||||
| CVE-2019-19925 | 8 Debian, Netapp, Opensuse and 5 more | 14 Debian Linux, Cloud Backup, Backports Sle and 11 more | 2024-11-21 | 7.5 High |
| zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive. | ||||
| CVE-2019-19924 | 6 Apache, Netapp, Oracle and 3 more | 6 Bookkeeper, Cloud Backup, Mysql Workbench and 3 more | 2024-11-21 | 5.3 Medium |
| SQLite 3.30.1 mishandles certain parser-tree rewriting, related to expr.c, vdbeaux.c, and window.c. This is caused by incorrect sqlite3WindowRewrite() error handling. | ||||