Export limit exceeded: 10557 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 14351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 15811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20672 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20672 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-16347 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 8.8 High |
| ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | ||||
| CVE-2019-16346 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 8.8 High |
| ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled. | ||||
| CVE-2019-16294 | 2 Notepad-plus-plus, Scintilla | 2 Notepad\+\+, Scintilla | 2024-11-21 | 7.8 High |
| SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file. | ||||
| CVE-2019-16293 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 8.8 High |
| The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field. | ||||
| CVE-2019-16277 | 1 Picoc Project | 1 Picoc | 2024-11-21 | 7.8 High |
| PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c. | ||||
| CVE-2019-16265 | 1 Codesys | 2 Codesys, Eni Server | 2024-11-21 | 9.8 Critical |
| CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow. | ||||
| CVE-2019-16242 | 1 Alcatelmobile | 2 Cingular Flip 2, Cingular Flip 2 Firmware | 2024-11-21 | 6.8 Medium |
| On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI. | ||||
| CVE-2019-16227 | 1 Py-lmdb Project | 1 Py-lmdb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in py-lmdb 0.97. For certain values of mn_flags, mdb_cursor_set triggers a memcpy with an invalid write operation within mdb_xcursor_init1. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | ||||
| CVE-2019-16226 | 1 Py-lmdb Project | 1 Py-lmdb | 2024-11-21 | 7.5 High |
| An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | ||||
| CVE-2019-16225 | 1 Py-lmdb Project | 1 Py-lmdb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in py-lmdb 0.97. For certain values of mp_flags, mdb_page_touch does not properly set up mc->mc_pg[mc->top], leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | ||||
| CVE-2019-16224 | 1 Py-lmdb Project | 1 Py-lmdb | 2024-11-21 | 9.8 Critical |
| An issue was discovered in py-lmdb 0.97. For certain values of md_flags, mdb_node_add does not properly set up a memcpy destination, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. | ||||
| CVE-2019-16213 | 1 Tendacn | 2 Pa6, Pa6 Firmware | 2024-11-21 | 8.8 High |
| Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges. | ||||
| CVE-2019-16167 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 5.5 Medium |
| sysstat before 12.1.6 has memory corruption due to an Integer Overflow in remap_struct() in sa_common.c. | ||||
| CVE-2019-16159 | 4 Debian, Fedoraproject, Nic and 1 more | 4 Debian Linux, Fedora, Bird and 1 more | 2024-11-21 | 7.5 High |
| BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. | ||||
| CVE-2019-16139 | 1 Compact Arena Project | 1 Compact Arena | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the compact_arena crate before 0.4.0 for Rust. Generativity is mishandled, leading to an out-of-bounds write or read. | ||||
| CVE-2019-16098 | 1 Msi | 1 Afterburner | 2024-11-21 | 7.8 High |
| The driver in Micro-Star MSI Afterburner 4.6.2.15658 (aka RTCore64.sys and RTCore32.sys) allows any authenticated user to read and write to arbitrary memory, I/O ports, and MSRs. This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | ||||
| CVE-2019-16096 | 1 Kilo Project | 1 Kilo | 2024-11-21 | 7.5 High |
| Kilo 0.0.1 has a heap-based buffer overflow because there is an integer overflow in a calculation involving the number of tabs in one row. | ||||
| CVE-2019-16093 | 2 Canonical, Symonics | 2 Ubuntu Linux, Libmysofa | 2024-11-21 | 9.8 Critical |
| Symonics libmysofa 0.7 has an invalid write in readOHDRHeaderMessageDataLayout in hdf/dataobject.c. | ||||
| CVE-2019-16072 | 1 Netsas | 1 Enigma Network Management Solution | 2024-11-21 | 9.8 Critical |
| An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows an attacker to execute arbitrary code because of improper neutralization of shell metacharacters in the ip_address variable within an snmp_browser action. | ||||
| CVE-2019-15997 | 1 Cisco | 1 Dna Spaces\ | 2024-11-21 | 6.7 Medium |
| A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root. | ||||