Export limit exceeded: 74458 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74458 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12169 | 1 Atutor | 1 Atutor | 2024-11-21 | 8.8 High |
| ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/_core/languages/language_import.php (aka Import New Language) or mods/_standard/patcher/index_admin.php (aka Patcher) component. | ||||
| CVE-2019-12123 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 8.8 High |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | ||||
| CVE-2019-12121 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 7.5 High |
| An issue was detected in ONAP Portal through Dublin. By executing a padding oracle attack using the ONAPPORTAL/processSingleSignOn UserId field, an attacker is able to decrypt arbitrary information encrypted with the same symmetric key as UserId. All Portal setups are affected. | ||||
| CVE-2019-12113 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 8.8 High |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | ||||
| CVE-2019-12111 | 2 Debian, Miniupnp Project | 2 Debian Linux, Miniupnpd | 2024-11-21 | 7.5 High |
| A Denial Of Service vulnerability in MiniUPnP MiniUPnPd through 2.1 exists due to a NULL pointer dereference in copyIPv6IfDifferent in pcpserver.c. | ||||
| CVE-2019-12105 | 1 Supervisord | 1 Supervisor | 2024-11-21 | 8.2 High |
| In Supervisor through 4.0.2, an unauthenticated user can read log files or restart a service. Note: The maintainer responded that the affected component, inet_http_server, is not enabled by default but if the user enables it and does not set a password, Supervisor logs a warning message. The maintainer indicated the ability to run an open server will not be removed but an additional warning was added to the documentation | ||||
| CVE-2019-12098 | 4 Debian, Fedoraproject, Heimdal Project and 1 more | 5 Debian Linux, Fedora, Heimdal and 2 more | 2024-11-21 | 7.4 High |
| In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. | ||||
| CVE-2019-12095 | 1 Horde | 1 Groupware | 2024-11-21 | 8.8 High |
| Horde Trean, as used in Horde Groupware Webmail Edition through 5.2.22 and other products, allows CSRF, as demonstrated by the treanBookmarkTags parameter to the trean/ URI on a webmail server. NOTE: treanBookmarkTags could, for example, be a stored XSS payload. | ||||
| CVE-2019-12091 | 1 Netskope | 1 Netskope | 2024-11-21 | 7.8 High |
| The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege. | ||||
| CVE-2019-12086 | 3 Debian, Fasterxml, Redhat | 12 Debian Linux, Jackson-databind, Amq Streams and 9 more | 2024-11-21 | 7.5 High |
| A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. | ||||
| CVE-2019-12083 | 3 Fedoraproject, Opensuse, Rust-lang | 3 Fedora, Leap, Rust | 2024-11-21 | 8.1 High |
| The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. | ||||
| CVE-2019-12041 | 1 Remarkable Project | 1 Remarkable | 2024-11-21 | 7.5 High |
| lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section. | ||||
| CVE-2019-11995 | 1 Hp | 1 Universal Internet Of Things | 2024-11-21 | 7.5 High |
| Security vulnerabilities in HPE UIoT version 1.2.4.2 could allow unauthorized remote access and access to sensitive data. HPE has addressed this issue in HPE UIoT: For customers with release UIoT 1.2.4.2 fixes are made available with 1.2.4.2 RP3 HF1. For customers with release older than 1.2.4.2, such as 1.2.4.1, 1.2.4.0, the resolution will be to upgrade to 1.2.4.2 RP3 HF1 Customers are requested to upgrade to the updated versions or contact HPE support for further assistance. | ||||
| CVE-2019-11993 | 1 Hp | 16 Simplivity 2600 Gen10, Simplivity 2600 Gen10 Firmware, Simplivity 380 Gen10 and 13 more | 2024-11-21 | 7.5 High |
| A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now deprecated APIs run as root, accept a file name path, and can be used to create or delete arbitrary files on the nodes. These APIs do not require user authentication and are accessible over the management network, resulting in remote availability and integrity vulnerabilities For all customers running HPE OmniStack version 3.7.9 and earlier. HPE recommends upgrading the OmniStack software to version 3.7.10 or later, which contains a permanent resolution. Customers and partners who can upgrade to 3.7.10 should upgrade at the earliest convenience. For all customers and partners unable to upgrade their environments to the recommended version 3.7.10, HPE has created a Temporary Workaround https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=mmr_sf-EN_US000061675&withFrame for you to implement. All customer should upgrade to the recommended 3.7.10 or later version at the earliest convenience. | ||||
| CVE-2019-11939 | 1 Facebook | 1 Thrift | 2024-11-21 | 7.5 High |
| Golang Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.03.16.00. | ||||
| CVE-2019-11938 | 1 Facebook | 1 Thrift | 2024-11-21 | 7.5 High |
| Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. | ||||
| CVE-2019-11937 | 1 Facebook | 1 Mcrouter | 2024-11-21 | 7.5 High |
| In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service. | ||||
| CVE-2019-11932 | 2 Android-gif-drawable Project, Whatsapp | 2 Android-gif-drawable, Whatsapp | 2024-11-21 | 8.8 High |
| A double free vulnerability in the DDGifSlurp function in decoding.c in the android-gif-drawable library before version 1.2.18, as used in WhatsApp for Android before version 2.19.244 and many other Android applications, allows remote attackers to execute arbitrary code or cause a denial of service when the library is used to parse a specially crafted GIF image. | ||||
| CVE-2019-11931 | 1 Whatsapp | 3 Whatsapp, Whatsapp Business, Whatsapp Enterprise Client | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100. | ||||
| CVE-2019-11927 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | 7.8 High |
| An integer overflow in WhatsApp media parsing libraries allows a remote attacker to perform an out-of-bounds write on the heap via specially-crafted EXIF tags in WEBP images. This issue affects WhatsApp for Android before version 2.19.143 and WhatsApp for iOS before version 2.19.100. | ||||