Export limit exceeded: 20149 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20149 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-19838 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2024-11-21 | 9.8 Critical |
| emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute. | ||||
| CVE-2019-19824 | 1 Totolink | 17 A3002ru, A3002ru Firmware, A702r and 14 more | 2024-11-21 | 8.8 High |
| On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, N100RE through 3.4.0, and N302RE 2.0.2. | ||||
| CVE-2019-19816 | 4 Canonical, Debian, Linux and 1 more | 18 Ubuntu Linux, Debian Linux, Linux Kernel and 15 more | 2024-11-21 | 7.8 High |
| In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image and performing some operations can cause slab-out-of-bounds write access in __btrfs_map_block in fs/btrfs/volumes.c, because a value of 1 for the number of data stripes is mishandled. | ||||
| CVE-2019-19814 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image can cause __remove_dirty_segment slab-out-of-bounds write access because an array is bounded by the number of dirty types (8) but the array index can exceed this. | ||||
| CVE-2019-19797 | 3 Debian, Fedoraproject, Xfig Project | 3 Debian Linux, Fedora, Fig2dev | 2024-11-21 | 5.5 Medium |
| read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write. | ||||
| CVE-2019-19796 | 1 Yabasic | 1 Yabasic | 2024-11-21 | 7.8 High |
| Yabasic 2.86.2 has a heap-based buffer overflow in myformat in function.c via a crafted BASIC source file. | ||||
| CVE-2019-19795 | 1 Samurai Project | 1 Samurai | 2024-11-21 | 7.8 High |
| samurai 0.7 has a heap-based buffer overflow in canonpath in util.c via a crafted build file. | ||||
| CVE-2019-19787 | 2 Atasm Project, Fedoraproject | 2 Atasm, Fedora | 2024-11-21 | 7.8 High |
| ATasm 1.06 has a stack-based buffer overflow in the get_signed_expression() function in setparse.c via a crafted .m65 file. | ||||
| CVE-2019-19786 | 2 Atasm Project, Fedoraproject | 2 Atasm, Fedora | 2024-11-21 | 7.8 High |
| ATasm 1.06 has a stack-based buffer overflow in the parse_expr() function in setparse.c via a crafted .m65 file. | ||||
| CVE-2019-19785 | 2 Atasm Project, Fedoraproject | 2 Atasm, Fedora | 2024-11-21 | 7.8 High |
| ATasm 1.06 has a stack-based buffer overflow in the to_comma() function in asm.c via a crafted .m65 file. | ||||
| CVE-2019-19746 | 2 Fedoraproject, Fig2dev Project | 2 Fedora, Fig2dev | 2024-11-21 | 5.5 Medium |
| make_arrow in arrow.c in Xfig fig2dev 3.2.7b allows a segmentation fault and out-of-bounds write because of an integer overflow via a large arrow type. | ||||
| CVE-2019-19721 | 1 Videolan | 1 Vlc Media Player | 2024-11-21 | 7.8 High |
| An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. | ||||
| CVE-2019-19720 | 1 Yabasic | 1 Yabasic | 2024-11-21 | 8.8 High |
| Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file. | ||||
| CVE-2019-19642 | 1 Supermicro | 3 X8sti-f, X8sti-f Bios, X8sti-f Firmware | 2024-11-21 | 8.8 High |
| On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareName. The attacker can achieve a persistent backdoor. | ||||
| CVE-2019-19630 | 3 Debian, Fedoraproject, Htmldoc Project | 3 Debian Linux, Fedora, Htmldoc | 2024-11-21 | 7.8 High |
| HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() function in string.c (when called from render_contents in ps-pdf.cxx) via a crafted HTML document. | ||||
| CVE-2019-19609 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.2 High |
| The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function. | ||||
| CVE-2019-19606 | 1 X-plane | 1 X-plane | 2024-11-21 | 9.8 Critical |
| X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system. | ||||
| CVE-2019-19605 | 1 X-plane | 1 X-plane | 2024-11-21 | 9.8 Critical |
| X-Plane before 11.41 allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution. | ||||
| CVE-2019-19604 | 4 Debian, Fedoraproject, Git-scm and 1 more | 4 Debian Linux, Fedora, Git and 1 more | 2024-11-21 | 7.8 High |
| Arbitrary command execution is possible in Git before 2.20.2, 2.21.x before 2.21.1, 2.22.x before 2.22.2, 2.23.x before 2.23.1, and 2.24.x before 2.24.1 because a "git submodule update" operation can run commands found in the .gitmodules file of a malicious repository. | ||||
| CVE-2019-19555 | 1 Xfig Project | 1 Xfig | 2024-11-21 | 5.5 Medium |
| read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. | ||||