Export limit exceeded: 45232 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45232 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-20219 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 8.8 High |
| ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor in ngiflib.c. | ||||
| CVE-2019-20200 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 6.5 Medium |
| An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature. | ||||
| CVE-2019-20199 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 6.5 Medium |
| An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer. | ||||
| CVE-2019-20184 | 1 Keepass | 1 Keepass | 2024-11-21 | 7.8 High |
| KeePass 2.4.1 allows CSV injection in the title field of a CSV export. | ||||
| CVE-2019-20180 | 1 Tablepress | 1 Tablepress | 2024-11-21 | 6.8 Medium |
| The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV injection by Editor users. Note: The vendor disputes this issue and argues that this responsibility lies with the application that opens the CSV file and not TablePress. | ||||
| CVE-2019-20172 | 1 Serenityos | 1 Serenityos | 2024-11-21 | 7.8 High |
| Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not reject syscalls with pointers into the kernel-only virtual address space, which allows local users to gain privileges by overwriting a return address that was found on the kernel stack. | ||||
| CVE-2019-20089 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 7.8 High |
| GoPro GPMF-parser 1.2.3 has an heap-based buffer over-read in GPMF_SeekToSamples in GPMF_parse.c for the size calculation. | ||||
| CVE-2019-20088 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 7.8 High |
| GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GetPayload in GPMF_mp4reader.c. | ||||
| CVE-2019-20087 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 8.8 High |
| GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_seekToSamples in GPMF-parse.c for the "matching tags" feature. | ||||
| CVE-2019-20086 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 8.8 High |
| GoPro GPMF-parser 1.2.3 has a heap-based buffer over-read in GPMF_Next in GPMF_parser.c. | ||||
| CVE-2019-20082 | 1 Asus | 2 Rt-n53, Rt-n53 Firmware | 2024-11-21 | 9.8 Critical |
| ASUS RT-N53 3.0.0.4.376.3754 devices have a buffer overflow via a long lan_dns1_x or lan_dns2_x parameter to Advanced_LAN_Content.asp. | ||||
| CVE-2019-20054 | 3 Linux, Netapp, Redhat | 19 Linux Kernel, 8300, 8300 Firmware and 16 more | 2024-11-21 | 5.5 Medium |
| In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. | ||||
| CVE-2019-20020 | 1 Matio Project | 1 Matio | 2024-11-21 | 6.5 Medium |
| A stack-based buffer over-read was discovered in ReadNextStructField in mat5.c in matio 1.5.17. | ||||
| CVE-2019-20018 | 1 Matio Project | 1 Matio | 2024-11-21 | 6.5 Medium |
| A stack-based buffer over-read was discovered in ReadNextCell in mat5.c in matio 1.5.17. | ||||
| CVE-2019-20017 | 1 Matio Project | 1 Matio | 2024-11-21 | 6.5 Medium |
| A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 in mat5.c in matio 1.5.17. | ||||
| CVE-2019-20011 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 8.8 High |
| An issue was discovered in GNU LibreDWG 0.92. There is a heap-based buffer over-read in decode_R13_R2000 in decode.c. | ||||
| CVE-2019-20005 | 1 Ezxml Project | 1 Ezxml | 2024-11-21 | 6.5 Medium |
| An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished). | ||||
| CVE-2019-20002 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 7.8 High |
| Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | ||||
| CVE-2019-1996 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066. | ||||
| CVE-2019-1994 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117770924. | ||||