Search Results (75035 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-25036 3 Debian, Nlnetlabs, Redhat 4 Debian Linux, Unbound, Enterprise Linux and 1 more 2024-11-21 7.5 High
Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be remotely or locally exploited
CVE-2019-25021 1 Scytl 1 Secure Vote 2024-11-21 7.5 High
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code.
CVE-2019-25020 1 Scytl 1 Secure Vote 2024-11-21 7.5 High
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI.
CVE-2019-25018 1 Mit 1 Krb5-appl 2024-11-21 7.5 High
In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.
CVE-2019-25016 1 Opendoas Project 1 Opendoas 2024-11-21 8.8 High
In OpenDoas from 6.6 to 6.8, the user's PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed the authenticated user to execute specific commands were not affected by this issue.
CVE-2019-25012 1 Webform Report Project 1 Webform Report 2024-11-21 7.5 High
The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy.
CVE-2019-25007 1 Streebog Project 1 Streebog 2024-11-21 7.5 High
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can cause a panic.
CVE-2019-25006 1 Streebog Project 1 Streebog 2024-11-21 7.5 High
An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer.
CVE-2019-25005 1 Chacha20 Project 1 Chacha20 2024-11-21 7.5 High
An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext.
CVE-2019-25003 1 Parity 1 Libsecp256k1 2024-11-21 7.5 High
An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allows a timing side-channel attack; consequently, attackers can obtain sensitive information.
CVE-2019-25001 1 Serde Cbor Project 1 Serde Cbor 2024-11-21 7.5 High
An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags.
CVE-2019-20925 1 Mongodb 1 Mongodb 2024-11-21 7.5 High
An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory. This issue affects MongoDB Server v4.2 versions prior to 4.2.1; MongoDB Server v4.0 versions prior to 4.0.13; MongoDB Server v3.6 versions prior to 3.6.15 and MongoDB Server v3.4 versions prior to 3.4.24.
CVE-2019-20922 2 Handlebarsjs, Redhat 5 Handlebars, Jboss Enterprise Bpms Platform, Openshift and 2 more 2024-11-21 7.5 High
Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources.
CVE-2019-20920 2 Handlebarsjs, Redhat 5 Handlebars, Jboss Enterprise Bpms Platform, Openshift and 2 more 2024-11-21 8.1 High
Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser (effectively serving as XSS).
CVE-2019-20916 5 Debian, Opensuse, Oracle and 2 more 7 Debian Linux, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 4 more 2024-11-21 7.5 High
The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py.
CVE-2019-20915 1 Gnu 1 Libredwg 2024-11-21 8.1 High
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in bit_write_TF in bits.c.
CVE-2019-20913 1 Gnu 1 Libredwg 2024-11-21 8.1 High
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in dwg_encode_entity in common_entity_data.spec.
CVE-2019-20912 1 Gnu 1 Libredwg 2024-11-21 8.8 High
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF.
CVE-2019-20910 1 Gnu 1 Libredwg 2024-11-21 8.1 High
An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.
CVE-2019-20909 1 Gnu 1 Libredwg 2024-11-21 7.5 High
An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.