Vulnerabilities (CVE)

Filter

38146 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-2269 1 Qualcomm 24 Mdm9150 Firmware, Mdm9650 Firmware, Msm8996au Firmware and 21 more 2019-07-22 7.5
Possible buffer overflow while processing the high level lim process action frame due to improper buffer length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...
CVE-2019-14209 1 Foxitsoftware 1 Phantompdf 2019-07-22 7.5
An issue was discovered in Foxit PhantomPDF before 8.3.10. The application could be exposed to Heap Corruption due to data desynchrony when adding AcroForm.
CVE-2019-1010292 2019-07-22 7.5
Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0.
CVE-2019-12725 1 Zeroshell 1 Zeroshell 2019-07-22 10.0
Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside...
CVE-2019-1010062 1 Pluck-cms 1 Pluckcms 2019-07-22 7.5
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line36. The attack vector is: modify the MIME TYPE on HTTP request to upload a...
CVE-2019-1010060 1 Nasa 1 Cfitsio 2019-07-22 7.5
NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43....
CVE-2018-11307 2 Fasterxml, Redhat 2 Jackson-databind, Enterprise Linux 2019-07-22 7.5
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
CVE-2019-13615 1 Videolan 1 Vlc Media Player 2019-07-22 7.5
VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp.
CVE-2019-10164 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2019-07-21 9.0
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This...
CVE-2018-8780 3 Ruby-lang, Canonical, Debian 3 Ruby, Ubuntu Linux, Debian Linux 2019-07-21 7.5
In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the Dir.open, Dir.new, Dir.entries and Dir.empty? methods do not check NULL characters. When using the corresponding method, unintentional...
CVE-2018-16395 3 Ruby-lang, Canonical, Debian 3 Ruby, Ubuntu Linux, Debian Linux 2019-07-21 7.5
An issue was discovered in the OpenSSL library in Ruby before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.2, and 2.6.x before 2.6.0-preview3. When two OpenSSL::X509::Name objects are compared using ==, depending on the ordering, non-equal objects...
CVE-2018-18505 4 Mozilla, Canonical, Debian and 1 more 11 Firefox, Firefox Esr, Thunderbird and 8 more 2019-07-20 7.5
An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC endpoints and server parents during IPC process creation. This authentication is insufficient for channels...
CVE-2019-13575 1 Wpeverest 1 Everest Forms 2019-07-19 7.5
A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via...
CVE-2019-7850 1 Adobe 1 Campaign 2019-07-19 7.5
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-1010259 1 Saltstack 2 Salt 2018, Salt 2019 2019-07-19 7.5
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module...
CVE-2019-13624 1 Onosproject 1 Onos 2019-07-19 10.0
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
CVE-2019-13625 2019-07-19 9.4
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.
CVE-2019-12876 1 Zohocorp 3 Manageengine Admanager Plus, Manageengine Adselfservice Plus, Manageengine Desktop Central 2019-07-19 8.5
Zoho ManageEngine ADManager Plus 6.6.5, ADSelfService Plus 5.7, and DesktopCentral 10.0.380 have Insecure Permissions, leading to Privilege Escalation from low level privileges to System.
CVE-2019-13952 1 Gdnsd 1 Gdnsd 2019-07-19 7.5
The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data.
CVE-2019-13951 1 Gdnsd 1 Gdnsd 2019-07-19 7.5
The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data.