Vulnerabilities (CVE)

74125 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17362 2 Libtom, Debian 2 Libtomcrypt, Debian Linux 2019-10-15 6.4
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read...
CVE-2019-1321 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-15 7.2
An elevation of privilege vulnerability exists when Windows CloudStore improperly handles file Discretionary Access Control List (DACL), aka 'Microsoft Windows CloudStore Elevation of Privilege Vulnerability'.
CVE-2019-17432 1 Fastadmin 1 Fastadmin 2019-10-15 4.3
An issue was discovered in fastadmin 1.0.0.20190705_beta. There is a public/admin/general.config/edit CSRF vulnerability, as demonstrated by resultant XSS via the row[name] parameter.
CVE-2019-5699 1 Nvidia 1 Shield Experience 2019-10-15 7.2
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution....
CVE-2019-5700 1 Nvidia 1 Shield Experience 2019-10-15 7.2
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges,...
CVE-2019-0380 1 Sap 1 Landscape Management 2019-10-15 4.0
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters' default values to be part of the application logs leading to Information Disclosure.
CVE-2019-1339 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 7.2
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1342.
CVE-2019-0379 1 Sap 1 Process Integration 2019-10-15 5.0
SAP Process Integration, business-to-business add-on, versions 1.0, 2.0, does not perform authentication check properly when the default security provider is changed to BouncyCastle (BC), leading to Missing Authentication Check.
CVE-2019-17108 1 Centreon 1 Centreon Web 2019-10-15 4.3
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
CVE-2019-17105 1 Centreon 1 Centreon Web 2019-10-15 5.0
The token generator in index.php in Centreon Web before 2.8.27 is predictable.
CVE-2019-1347 1 Microsoft 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more 2019-10-15 7.1
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346.
CVE-2019-1346 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-15 7.1
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.
CVE-2019-17107 1 Centreon 1 Centreon Web 2019-10-15 6.5
minPlayCommand.php in Centreon Web before 2.8.27 allows authenticated attackers to execute arbitrary code via the command_hostaddress parameter. NOTE: some sources have listed CVE-2019-17017 for this, but that is incorrect.
CVE-2019-1343 1 Microsoft 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more 2019-10-15 7.1
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347.
CVE-2018-21023 1 Centreon 1 Centreon Web 2019-10-15 6.5
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter.
CVE-2019-15894 1 Espressif 1 Esp-idf 2019-10-15 7.2
An issue was discovered in Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.6, 3.2.x through 3.2.3, and 3.3.x through 3.3.1. An attacker who uses fault injection to physically disrupt the ESP32 CPU can bypass the Secure Boot digest...
CVE-2019-13120 1 Amazon 1 Freertos 2019-10-15 5.0
Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checking in prvProcessReceivedPublish, resulting in leakage of arbitrary memory contents on a device to an attacker. An attacker sends a malformed MQTT publish packet, and waits for...
CVE-2019-17359 1 Bouncycastle 1 Legion-of-the-bouncy-castle-java-crytography-api 2019-10-15 5.0
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
CVE-2015-9460 2019-10-15 6.5
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter.
CVE-2019-17386 1 Eleopard 1 Animate It! 2019-10-15 6.8
The animate-it plugin before 2.3.6 for WordPress has CSRF in edsanimate.php.