Export limit exceeded: 79582 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79582 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-9854 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.8 High |
| LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2019-9852, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed by employing a URL encoding attack to defeat the path verification step. However this protection could be bypassed by taking advantage of a flaw in how LibreOffice assembled the final script URL location directly from components of the passed in path as opposed to solely from the sanitized output of the path verification step. This issue affects: Document Foundation LibreOffice 6.2 versions prior to 6.2.7; 6.3 versions prior to 6.3.1. | ||||
| CVE-2019-9853 | 2 Libreoffice, Redhat | 2 Libreoffice, Enterprise Linux | 2024-11-21 | 7.8 High |
| LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1. | ||||
| CVE-2019-9852 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.8 High |
| LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | ||||
| CVE-2019-9818 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 8.3 High |
| A race condition is present in the crash generation server used to generate data for the crash reporter. This issue can lead to a use-after-free in the main process, resulting in a potentially exploitable crash and a sandbox escape. *Note: this vulnerability only affects Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | ||||
| CVE-2019-9811 | 5 Debian, Mozilla, Novell and 2 more | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 8.3 High |
| As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a browser feature that used the compromised translation. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. | ||||
| CVE-2019-9779 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (earlier than CVE-2019-9776). | ||||
| CVE-2019-9778 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dwg_dxf_LTYPE at dwg.spec. | ||||
| CVE-2019-9777 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer over-read in the function dxf_header_write at header_variables_dxf.spec. | ||||
| CVE-2019-9776 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LTYPE at dwg.spec (later than CVE-2019-9779). | ||||
| CVE-2019-9773 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the z dimension. | ||||
| CVE-2019-9772 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function dwg_dxf_LEADER at dwg.spec. | ||||
| CVE-2019-9771 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a NULL pointer dereference in the function bit_convert_TU at bits.c. | ||||
| CVE-2019-9770 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 7.5 High |
| An issue was discovered in GNU LibreDWG 0.7 and 0.7.1645. There is a heap-based buffer overflow in the function dwg_decode_eed_data at decode.c for the y dimension. | ||||
| CVE-2019-9757 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 7.5 High |
| An issue was discovered in LabKey Server 19.1.0. Sending an SVG containing an XXE payload to the endpoint visualization-exportImage.view or visualization-exportPDF.view allows local files to be read. | ||||
| CVE-2019-9755 | 2 Redhat, Tuxera | 7 Advanced Virtualization, Enterprise Linux, Enterprise Linux Eus and 4 more | 2024-11-21 | 7.0 High |
| An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow, resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary, this could lead to a local escalation of privileges. | ||||
| CVE-2019-9749 | 1 Treasuredata | 1 Fluent Bit | 2024-11-21 | 7.5 High |
| An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal. | ||||
| CVE-2019-9745 | 1 Cloudcti | 1 Hip Integrator Recognition Configuration Tool | 2024-11-21 | 7.8 High |
| CloudCTI HIP Integrator Recognition Configuration Tool allows privilege escalation via its EXQUISE integration. This tool communicates with a service (Recognition Update Client Service) via an insecure communication channel (Named Pipe). The data (JSON) sent via this channel is used to import data from CRM software using plugins (.dll files). The plugin to import data from the EXQUISE software (DatasourceExquiseExporter.dll) can be persuaded to start arbitrary programs (including batch files) that are executed using the same privileges as Recognition Update Client Service (NT AUTHORITY\SYSTEM), thus elevating privileges. This occurs because a higher-privileged process executes scripts from a directory writable by a lower-privileged user. | ||||
| CVE-2019-9719 | 1 Libav | 1 Libav | 2024-11-21 | 8.8 High |
| A stack-based buffer overflow in the subtitle decoder in Libav 12.3 allows attackers to corrupt the stack via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c misuses snprintf. NOTE: Third parties dispute that this is a vulnerability because “no evidence of a vulnerability is provided” and only “a generic warning from a static code analysis” is provided | ||||
| CVE-2019-9689 | 1 Axtls Project | 1 Axtls | 2024-11-21 | 7.5 High |
| process_certificate in tls1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow via a crafted TLS certificate handshake message with zero certificates. | ||||
| CVE-2019-9686 | 1 Pacman Project | 1 Pacman | 2024-11-21 | 8.8 High |
| pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name given in this header. However, pacman did not sanitize this name, which may contain slashes, before calling rename(). A malicious server (or a network MitM if downloading over HTTP) can send a Content-Disposition header to make pacman place the file anywhere in the filesystem, potentially leading to arbitrary root code execution. Notably, this bypasses pacman's package signature checking. This occurs in curl_download_internal in lib/libalpm/dload.c. | ||||