Export limit exceeded: 43053 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43053 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-3862 | 6 Debian, Fedoraproject, Libssh2 and 3 more | 7 Debian Linux, Fedora, Libssh2 and 4 more | 2024-11-21 | N/A |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | ||||
| CVE-2019-3861 | 5 Debian, Libssh2, Netapp and 2 more | 6 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 3 more | 2024-11-21 | N/A |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SSH packets with a padding length value greater than the packet length are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | ||||
| CVE-2019-3860 | 4 Debian, Libssh2, Netapp and 1 more | 4 Debian Linux, Libssh2, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | N/A |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 in the way SFTP packets with empty payloads are parsed. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | ||||
| CVE-2019-3858 | 6 Debian, Fedoraproject, Libssh2 and 3 more | 7 Debian Linux, Fedora, Libssh2 and 4 more | 2024-11-21 | N/A |
| An out of bounds read flaw was discovered in libssh2 before 1.8.1 when a specially crafted SFTP packet is received from the server. A remote attacker who compromises a SSH server may be able to cause a Denial of Service or read data in the client memory. | ||||
| CVE-2019-3846 | 7 Canonical, Debian, Fedoraproject and 4 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2024-11-21 | 8.8 High |
| A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. | ||||
| CVE-2019-3832 | 3 Canonical, Debian, Libsndfile Project | 3 Ubuntu Linux, Debian Linux, Libsndfile | 2024-11-21 | 5.5 Medium |
| It was discovered the fix for CVE-2018-19758 (libsndfile) was not complete and still allows a read beyond the limits of a buffer in wav_write_header() function in wav.c. A local attacker may use this flaw to make the application crash. | ||||
| CVE-2019-3824 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-11-21 | N/A |
| A flaw was found in the way an LDAP search expression could crash the shared LDAP server process of a samba AD DC in samba before version 4.10. An authenticated user, having read permissions on the LDAP server, could use this flaw to cause denial of service. | ||||
| CVE-2019-3813 | 4 Canonical, Debian, Redhat and 1 more | 10 Ubuntu Linux, Debian Linux, Enterprise Linux and 7 more | 2024-11-21 | 7.5 High |
| Spice, versions 0.5.2 through 0.14.1, are vulnerable to an out-of-bounds read due to an off-by-one error in memslot_get_virt. This may lead to a denial of service, or, in the worst case, code-execution by unauthenticated attackers. | ||||
| CVE-2019-3812 | 4 Canonical, Fedoraproject, Opensuse and 1 more | 4 Ubuntu Linux, Fedora, Leap and 1 more | 2024-11-21 | N/A |
| QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host. | ||||
| CVE-2019-3802 | 2 Pivotal Software, Redhat | 2 Spring Data Java Persistance Api, Jboss Fuse | 2024-11-21 | 5.3 Medium |
| This affects Spring Data JPA in versions up to and including 2.1.6, 2.0.14 and 1.11.20. ExampleMatcher using ExampleMatcher.StringMatcher.STARTING, ExampleMatcher.StringMatcher.ENDING or ExampleMatcher.StringMatcher.CONTAINING could return more results than anticipated when a maliciously crafted example value is supplied. | ||||
| CVE-2019-3794 | 1 Pivotal Software | 1 Cloud Foundry Uaa | 2024-11-21 | 5.4 Medium |
| Cloud Foundry UAA, versions prior to v73.4.0, does not set an X-FRAME-OPTIONS header on various endpoints. A remote user can perform clickjacking attacks on UAA's frontend sites. | ||||
| CVE-2019-3783 | 1 Cloudfoundry | 1 Stratos | 2024-11-21 | 8.8 High |
| Cloud Foundry Stratos, versions prior to 2.3.0, deploys with a public default session store secret. A malicious user with default session store secret can brute force another user's current Stratos session, and act on behalf of that user. | ||||
| CVE-2019-3729 | 1 Dell | 1 Bsafe Micro-edition-suite | 2024-11-21 | 2.4 Low |
| RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system. | ||||
| CVE-2019-3712 | 1 Dell | 2 Windows Embedded Standard Wyse Device Agent, Wyse Thinlinux Hagent | 2024-11-21 | N/A |
| Dell WES Wyse Device Agent versions prior to 14.1.2.9 and Dell Wyse ThinLinux HAgent versions prior to 5.4.55 00.10 contain a buffer overflow vulnerability. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed. | ||||
| CVE-2019-3705 | 1 Dell | 4 Idrac6 Firmware, Idrac7 Firmware, Idrac8 Firmware and 1 more | 2024-11-21 | 9.8 Critical |
| Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system. | ||||
| CVE-2019-3639 | 1 Mcafee | 1 Web Gateway | 2024-11-21 | N/A |
| Clickjack vulnerability in Adminstrator web console in McAfee Web Gateway (MWG) 7.8.2.x prior to 7.8.2.12 allows remote attackers to conduct clickjacking attacks via a crafted web page that contains an iframe via does not send an X-Frame-Options HTTP header. | ||||
| CVE-2019-3634 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 5.5 Medium |
| Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via an encrypted message sent to DLPe which when decrypted results in DLPe reading unallocated memory. | ||||
| CVE-2019-3633 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 5.5 Medium |
| Buffer overflow in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.2.8 allows local user to cause the Windows operating system to "blue screen" via a carefully constructed message sent to DLPe which bypasses DLPe internal checks and results in DLPe reading unallocated memory. | ||||
| CVE-2019-3598 | 1 Mcafee | 1 Agent | 2024-11-21 | N/A |
| Buffer Access with Incorrect Length Value in McAfee Agent (MA) 5.x allows remote unauthenticated users to potentially cause a denial of service via specifically crafted UDP packets. | ||||
| CVE-2019-3574 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | N/A |
| In libsixel v1.8.2, there is a heap-based buffer over-read in the function load_jpeg() in the file loader.c, as demonstrated by img2sixel. | ||||