Export limit exceeded: 74609 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74609 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14559 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2024-11-21 | 7.5 High |
| Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2019-14557 | 1 Intel | 55 Bios, Celeron 4205u, Celeron 4305u and 52 more | 2024-11-21 | 8.0 High |
| Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access. | ||||
| CVE-2019-14530 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.8 High |
| An issue was discovered in custom/ajax_download.php in OpenEMR before 5.0.2 via the fileName parameter. An attacker can download any file (that is readable by the user www-data) from server storage. If the requested file is writable for the www-data user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, it will be deleted from server. | ||||
| CVE-2019-14524 | 2 Opensuse, Schismtracker | 3 Backports, Leap, Schism Tracker | 2024-11-21 | 7.8 High |
| An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. | ||||
| CVE-2019-14523 | 1 Schismtracker | 1 Schism Tracker | 2024-11-21 | 7.8 High |
| An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmt_okt_load_song in the Amiga Oktalyzer parser in fmt/okt.c. | ||||
| CVE-2019-14513 | 3 Debian, Redhat, Thekelleys | 3 Debian Linux, Enterprise Linux, Dnsmasq | 2024-11-21 | 7.5 High |
| Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491. | ||||
| CVE-2019-14497 | 3 Canonical, Debian, Milkytracker Project | 3 Ubuntu Linux, Debian Linux, Milkytracker | 2024-11-21 | 7.8 High |
| ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTracker 1.02.00 has a heap-based buffer overflow. | ||||
| CVE-2019-14496 | 3 Canonical, Debian, Milkytracker Project | 3 Ubuntu Linux, Debian Linux, Milkytracker | 2024-11-21 | 7.8 High |
| LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 has a stack-based buffer overflow. | ||||
| CVE-2019-14494 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. | ||||
| CVE-2019-14493 | 2 Debian, Opencv | 2 Debian Linux, Opencv | 2024-11-21 | 7.5 High |
| An issue was discovered in OpenCV before 4.1.1. There is a NULL pointer dereference in the function cv::XMLParser::parse at modules/core/src/persistence.cpp. | ||||
| CVE-2019-14492 | 2 Opencv, Opensuse | 2 Opencv, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. | ||||
| CVE-2019-14483 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 8.8 High |
| AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and root passwords stored in the credential manager. Every administrator can read the ESX and Windows passwords stored in the credential manager. | ||||
| CVE-2019-14479 | 1 Adremsoft | 1 Netcrunch | 2024-11-21 | 8.8 High |
| AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software. | ||||
| CVE-2019-14467 | 1 Infoway | 1 Social Photo Gallery | 2024-11-21 | 7.8 High |
| The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked. | ||||
| CVE-2019-14465 | 1 Schismtracker | 1 Schism Tracker | 2024-11-21 | 7.8 High |
| fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a heap-based buffer overflow. | ||||
| CVE-2019-14459 | 3 Debian, Fedoraproject, Nfdump Project | 3 Debian Linux, Fedora, Nfdump | 2024-11-21 | 7.5 High |
| nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). | ||||
| CVE-2019-14458 | 1 Vivotek | 1 Camera | 2024-11-21 | 7.5 High |
| VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. | ||||
| CVE-2019-14453 | 1 Comelitgroup | 1 Away From Home | 2024-11-21 | 8.8 High |
| An issue was discovered in Comelit "App lejos de casa (web)" 2.8.0. It allows privilege escalation via modified domus and logged fields, related to js/bridge.min.js and login.json. For example, an attacker can achieve high privileges (installer or administrator) for the graphical interface via a 1C000000000S value for domus, in conjunction with a zero value for logged. | ||||
| CVE-2019-14439 | 6 Apache, Debian, Fasterxml and 3 more | 20 Drill, Debian Linux, Jackson-databind and 17 more | 2024-11-21 | 7.5 High |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. | ||||
| CVE-2019-14423 | 1 Eq-3 | 3 Ccu2, Ccu2 Firmware, Cux-daemon | 2024-11-21 | 8.8 High |
| A Remote Code Execution (RCE) issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to execute system commands as root remotely via a simple HTTP request. | ||||