Export limit exceeded: 344998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-8255 | 4 Adobe, Apple, Linux and 1 more | 4 Brackets, Mac Os X, Linux Kernel and 1 more | 2024-11-21 | 9.8 Critical |
| Brackets versions 1.14 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-8088 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 9.8 Critical |
| Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-8073 | 1 Adobe | 1 Coldfusion | 2024-11-21 | 9.8 Critical |
| ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user. | ||||
| CVE-2019-8060 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-11-21 | 9.8 Critical |
| Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution . | ||||
| CVE-2019-7989 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2024-11-21 | N/A |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-7968 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Macos, Windows | 2024-11-21 | N/A |
| Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-7850 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-11-21 | N/A |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user. | ||||
| CVE-2019-7839 | 1 Adobe | 1 Coldfusion | 2024-11-21 | N/A |
| ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2019-7704 | 1 Webassembly | 1 Binaryen | 2024-11-21 | 6.5 Medium |
| wasm::WasmBinaryBuilder::readUserSection in wasm-binary.cpp in Binaryen 1.38.22 triggers an attempt at excessive memory allocation, as demonstrated by wasm-merge and wasm-opt. | ||||
| CVE-2019-7698 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A |
| An issue was discovered in AP4_Array<AP4_CttsTableEntry>::EnsureCapacity in Core/Ap4Array.h in Bento4 1.5.1-627. Crafted MP4 input triggers an attempt at excessive memory allocation, as demonstrated by mp42hls, a related issue to CVE-2018-20095. | ||||
| CVE-2019-7613 | 1 Elastic | 1 Winlogbeat | 2024-11-21 | 7.5 High |
| Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event. | ||||
| CVE-2019-7610 | 2 Elastic, Redhat | 2 Kibana, Openshift | 2024-11-21 | N/A |
| Kibana versions before 6.6.1 contain an arbitrary code execution flaw in the security audit logger. If a Kibana instance has the setting xpack.security.audit.enabled set to true, an attacker could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. | ||||
| CVE-2019-7582 | 2 Canonical, Libming | 2 Ubuntu Linux, Libming | 2024-11-21 | N/A |
| The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure. | ||||
| CVE-2019-7581 | 2 Canonical, Libming | 2 Ubuntu Linux, Libming | 2024-11-21 | N/A |
| The parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure, a different vulnerability than CVE-2018-7876. | ||||
| CVE-2019-7537 | 1 Pytroll | 1 Donfig | 2024-11-21 | N/A |
| An issue was discovered in Donfig 0.3.0. There is a vulnerability in the collect_yaml method in config_obj.py. It can execute arbitrary Python commands, resulting in command execution. | ||||
| CVE-2019-7198 | 1 Qnap | 2 Qts, Quts Hero | 2024-11-21 | 9.8 Critical |
| This command injection vulnerability allows attackers to execute arbitrary commands in a compromised application. QNAP have already fixed this vulnerability in the following versions of QTS and QuTS hero. QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later | ||||
| CVE-2019-7148 | 1 Elfutils Project | 1 Elfutils | 2024-11-21 | N/A |
| An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a "warning caused by ASAN because the allocation is big. By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens." | ||||
| CVE-2019-6988 | 1 Uclouvain | 1 Openjpeg | 2024-11-21 | N/A |
| An issue was discovered in OpenJPEG 2.3.0. It allows remote attackers to cause a denial of service (attempted excessive memory allocation) in opj_calloc in openjp2/opj_malloc.c, when called from opj_tcd_init_tile in openjp2/tcd.c, as demonstrated by the 64-bit opj_decompress. | ||||
| CVE-2019-6986 | 1 Duraspace | 1 Vitro | 2024-11-21 | N/A |
| SPARQL Injection in VIVO Vitro v1.10.0 allows a remote attacker to execute arbitrary SPARQL via the uri parameter, leading to a regular expression denial of service (ReDoS), as demonstrated by crafted use of FILTER%20regex in a /individual?uri= request. | ||||
| CVE-2019-6975 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2024-11-21 | N/A |
| Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function. | ||||