Export limit exceeded: 363372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 85514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (85514 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15226 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 7.5 High |
| Upon receiving each incoming request header data, Envoy will iterate over existing request headers to verify that the total size of the headers stays below a maximum limit. The implementation in versions 1.10.0 through 1.11.1 for HTTP/1.x traffic and all versions of Envoy for HTTP/2 traffic had O(n^2) performance characteristics. A remote attacker may craft a request that stays below the maximum request header size but consists of many thousands of small headers to consume CPU and result in a denial-of-service attack. | ||||
| CVE-2019-15163 | 1 Tcpdump | 1 Libpcap | 2024-11-21 | 7.5 High |
| rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. | ||||
| CVE-2019-15150 | 1 Schine.games | 1 Mw-oauth2client | 2024-11-21 | 8.8 High |
| In the OAuth2 Client extension before 0.4 for MediaWiki, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function. | ||||
| CVE-2019-15138 | 1 Html-pdf Project | 1 Html-pdf | 2024-11-21 | 7.5 High |
| The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL. | ||||
| CVE-2019-15123 | 1 Vikisolutions | 1 Vera | 2024-11-21 | 7.2 High |
| The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site. | ||||
| CVE-2019-15117 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access. | ||||
| CVE-2019-15099 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.5 High |
| drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor. | ||||
| CVE-2019-15089 | 1 Prise | 1 Adas | 2024-11-21 | 8.8 High |
| An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator. | ||||
| CVE-2019-15087 | 1 Prise | 1 Adas | 2024-11-21 | 7.2 High |
| An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution. | ||||
| CVE-2019-15085 | 1 Prise | 1 Adas | 2024-11-21 | 7.5 High |
| An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form. | ||||
| CVE-2019-15080 | 1 Morph Project | 1 Morph | 2024-11-21 | 7.5 High |
| An issue was discovered in a smart contract implementation for MORPH Token through 2019-06-05, an Ethereum token. A typo in the constructor of the Owned contract (which is inherited by MORPH Token) allows attackers to acquire contract ownership. A new owner can subsequently obtain MORPH Tokens for free and can perform a DoS attack. | ||||
| CVE-2019-15079 | 1 Eai Project | 1 Eai | 2024-11-21 | 7.5 High |
| A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free. | ||||
| CVE-2019-15078 | 1 Xbornid | 1 Xbornid | 2024-11-21 | 7.5 High |
| An issue was discovered in a smart contract implementation for AIRDROPX BORN through 2019-05-29, an Ethereum token. The name of the constructor has a typo (wrong case: XBornID versus XBORNID) that allows an attacker to change the owner of the contract and obtain cryptocurrency for free. | ||||
| CVE-2019-15075 | 1 Inextrix | 1 Astpp | 2024-11-21 | 7.5 High |
| An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/astpp/application/config/config.php does not have strong random keys, as demonstrated by use of the 8YSDaBtDHAB3EQkxPAyTz2I5DttzA9uR private key and the r)fddEw232f encryption key. | ||||
| CVE-2019-15059 | 1 Lispbx Project | 1 Lispbx | 2024-11-21 | 7.5 High |
| In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX information including extension numbers, contacts, and passwords. | ||||
| CVE-2019-15051 | 1 Softing | 6 Uagate 840d, Uagate 840d Firmware, Uagate Mb and 3 more | 2024-11-21 | 8.8 High |
| An issue was discovered in Softing uaGate (SI, MB, 840D) firmware through 1.71.00.1225. A CGI script is vulnerable to command injection via a maliciously crafted form parameter. | ||||
| CVE-2019-15046 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 7.5 High |
| Zoho ManageEngine ServiceDesk Plus 10 before 10509 allows unauthenticated sensitive information leakage during Fail Over Service (FOS) replication, aka SD-79989. | ||||
| CVE-2019-15042 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| An issue was discovered in JetBrains TeamCity 2018.2.4. It had no SSL certificate validation for some external https connections. This was fixed in TeamCity 2019.1. | ||||
| CVE-2019-15040 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 8.8 High |
| JetBrains YouTrack versions before 2019.1 had a CSRF vulnerability on the settings page. | ||||
| CVE-2019-15038 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| An issue was discovered in JetBrains TeamCity 2018.2.4. The TeamCity server was not using some security-related HTTP headers. The issue was fixed in TeamCity 2019.1. | ||||