Vulnerabilities (CVE)

Filter

74036 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17092 1 Openproject 1 Openproject 2019-10-14 4.3
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.
CVE-2019-16228 1 Py-lmdb Project 1 Py-lmdb 2019-10-12 5.0
An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
CVE-2019-16226 1 Py-lmdb Project 1 Py-lmdb 2019-10-12 5.0
An issue was discovered in py-lmdb 0.97. mdb_node_del does not validate a memmove in the case of an unexpected node->mn_hi, leading to an invalid write operation. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker.
CVE-2016-10874 1 Wpseeds 1 Wp Database Backup 2019-10-12 6.8
The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.
CVE-2016-10873 1 Wpseeds 1 Wp Database Backup 2019-10-12 4.3
The wp-database-backup plugin before 4.3.3 for WordPress has XSS.
CVE-2018-9132 2 Libming, Debian 2 Libming, Debian Linux 2019-10-12 4.3
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.
CVE-2018-9009 2 Libming, Debian 2 Libming, Debian Linux 2019-10-12 6.8
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.
CVE-2018-7876 2 Libming, Debian 2 Libming, Debian Linux 2019-10-12 4.3
In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.
CVE-2018-7873 2 Libming, Debian 2 Libming, Debian Linux 2019-10-12 4.3
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.
CVE-2018-7866 2 Libming, Debian 2 Libming, Debian Linux 2019-10-12 4.3
A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
CVE-2018-16452 1 Tcpdump 1 Tcpdump 2019-10-11 5.0
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
CVE-2018-16300 1 Tcpdump 1 Tcpdump 2019-10-11 5.0
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
CVE-2019-1320 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 4.6
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1322, CVE-2019-1340.
CVE-2019-0608 1 Microsoft 2 Edge, Internet Explorer 2019-10-11 4.3
A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.
CVE-2019-1357 1 Microsoft 2 Edge, Internet Explorer 2019-10-11 4.3
A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.
CVE-2019-1315 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-11 7.2
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342.
CVE-2019-1316 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 7.2
An elevation of privilege vulnerability exists in Microsoft Windows Setup when it does not properly handle privileges, aka 'Microsoft Windows Setup Elevation of Privilege Vulnerability'.
CVE-2019-1318 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-11 4.3
A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non- Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'.
CVE-2019-17431 1 Fastadmin 1 Fastadmin 2019-10-11 6.8
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/index.php/admin/auth/admin/add CSRF vulnerability.
CVE-2019-17128 1 Netreo 1 Omnicenter 2019-10-11 5.0
Netreo OmniCenter through 12.1.1 allows unauthenticated SQL Injection (Boolean Based Blind) in the redirect parameters and parameter name of the login page through a GET request. The injection allows an attacker to read sensitive information from...