Export limit exceeded: 363372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 85514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85514 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-15226 1 Envoyproxy 1 Envoy 2024-11-21 7.5 High
Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack.
CVE-2019-15163 1 Tcpdump 1 Libpcap 2024-11-21 7.5 High
rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
CVE-2019-15150 1 Schine.games 1 Mw-oauth2client 2024-11-21 8.8 High
In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function.
CVE-2019-15138 1 Html-pdf Project 1 Html-pdf 2024-11-21 7.5 High
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-15123 1 Vikisolutions 1 Vera 2024-11-21 7.2 High
The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site.
CVE-2019-15117 1 Linux 1 Linux Kernel 2024-11-21 7.8 High
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
CVE-2019-15099 3 Canonical, Linux, Redhat 3 Ubuntu Linux, Linux Kernel, Enterprise Linux 2024-11-21 7.5 High
drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.
CVE-2019-15089 1 Prise 1 Adas 2024-11-21 8.8 High
An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.
CVE-2019-15087 1 Prise 1 Adas 2024-11-21 7.2 High
An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.
CVE-2019-15085 1 Prise 1 Adas 2024-11-21 7.5 High
An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.
CVE-2019-15080 1 Morph Project 1 Morph 2024-11-21 7.5 High
An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack.
CVE-2019-15079 1 Eai Project 1 Eai 2024-11-21 7.5 High
A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free.
CVE-2019-15078 1 Xbornid 1 Xbornid 2024-11-21 7.5 High
An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free.
CVE-2019-15075 1 Inextrix 1 Astpp 2024-11-21 7.5 High
An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key.
CVE-2019-15059 1 Lispbx Project 1 Lispbx 2024-11-21 7.5 High
In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwords.
CVE-2019-15051 1 Softing 6 Uagate 840d, Uagate 840d Firmware, Uagate Mb and 3 more 2024-11-21 8.8 High
An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter.
CVE-2019-15046 1 Zohocorp 1 Manageengine Servicedesk Plus 2024-11-21 7.5 High
Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989.
CVE-2019-15042 1 Jetbrains 1 Teamcity 2024-11-21 7.5 High
An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1.
CVE-2019-15040 1 Jetbrains 1 Youtrack 2024-11-21 8.8 High
JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page.
CVE-2019-15038 1 Jetbrains 1 Teamcity 2024-11-21 7.5 High
An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1.