Export limit exceeded: 76148 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76148 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25050 | 1 Osgeo | 1 Gdal | 2024-11-21 | 7.8 High |
| netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4_get_att_tc and nc_get_att_text) and in uffd_cleanup (called from netCDFDataset::~netCDFDataset and netCDFDataset::~netCDFDataset). | ||||
| CVE-2019-25049 | 2 Linux, Openbsd | 2 Linux Kernel, Libressl | 2024-11-21 | 7.1 High |
| LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_template_print_ctx). | ||||
| CVE-2019-25048 | 2 Linux, Openbsd | 2 Linux Kernel, Libressl | 2024-11-21 | 7.1 High |
| LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item_print_ctx and ASN1_item_print). | ||||
| CVE-2019-25045 | 2 Linux, Netapp | 41 Linux Kernel, Aff 8300, Aff 8300 Firmware and 38 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, related to an xfrm_state_fini panic, aka CID-dbb2483b2a46. | ||||
| CVE-2019-25044 | 2 Linux, Netapp | 21 Linux Kernel, Cloud Backup, H300e and 18 more | 2024-11-21 | 7.8 High |
| The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. | ||||
| CVE-2019-25041 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
| CVE-2019-25040 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
| CVE-2019-25037 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
| CVE-2019-25036 | 3 Debian, Nlnetlabs, Redhat | 4 Debian Linux, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited | ||||
| CVE-2019-25021 | 1 Scytl | 1 Secure Vote | 2024-11-21 | 7.5 High |
| An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code. | ||||
| CVE-2019-25020 | 1 Scytl | 1 Secure Vote | 2024-11-21 | 7.5 High |
| An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI. | ||||
| CVE-2019-25018 | 1 Mit | 1 Krb5-appl | 2024-11-21 | 7.5 High |
| In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | ||||
| CVE-2019-25016 | 1 Opendoas Project | 1 Opendoas | 2024-11-21 | 8.8 High |
| In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue. | ||||
| CVE-2019-25012 | 1 Webform Report Project | 1 Webform Report | 2024-11-21 | 7.5 High |
| The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2019-25007 | 1 Streebog Project | 1 Streebog | 2024-11-21 | 7.5 High |
| An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic. | ||||
| CVE-2019-25006 | 1 Streebog Project | 1 Streebog | 2024-11-21 | 7.5 High |
| An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer. | ||||
| CVE-2019-25005 | 1 Chacha20 Project | 1 Chacha20 | 2024-11-21 | 7.5 High |
| An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext. | ||||
| CVE-2019-25003 | 1 Parity | 1 Libsecp256k1 | 2024-11-21 | 7.5 High |
| An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information. | ||||
| CVE-2019-25001 | 1 Serde Cbor Project | 1 Serde Cbor | 2024-11-21 | 7.5 High |
| An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags. | ||||
| CVE-2019-20925 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 7.5 High |
| An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24. | ||||