Search Results (20123 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-12489 | 1 Fastweb | 2 Askey Rtv1907vw, Askey Rtv1907vw Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter. | ||||
| CVE-2019-12328 | 1 Atcom | 2 A10w, A10w Firmware | 2024-11-21 | N/A |
| A command injection (missing input validation) issue in the remote phonebook configuration URI in the web interface of the Atcom A10W VoIP phone with firmware 2.6.1a2421 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request. | ||||
| CVE-2019-12325 | 1 Htek | 2 Uc902, Uc902 Firmware | 2024-11-21 | 8.8 High |
| The Htek UC902 VoIP phone web management interface contains several buffer overflow vulnerabilities in the firmware version 2.0.4.4.46, which allow an attacker to crash the device (DoS) without authentication or execute code (authenticated as a user) to spawn a remote shell as a root user. | ||||
| CVE-2019-12324 | 1 Akuvox | 2 Sp-r50p, Sp-r50p Firmware | 2024-11-21 | N/A |
| A command injection (missing input validation) issue in the IP address field for the logging server in the configuration web interface on the Akuvox R50P VoIP phone with firmware 50.0.6.156 allows an authenticated remote attacker in the same network to trigger OS commands via shell metacharacters in a POST request. | ||||
| CVE-2019-12323 | 1 Hostingcontroller | 1 Hc10 | 2024-11-21 | N/A |
| The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS. | ||||
| CVE-2019-12298 | 1 Leanify Project | 1 Leanify | 2024-11-21 | N/A |
| Leanify 0.4.3 allows remote attackers to trigger an out-of-bounds write (1024 bytes) via a modified input file. | ||||
| CVE-2019-12272 | 1 Openwrt | 1 Luci | 2024-11-21 | N/A |
| In OpenWrt LuCI through 0.10, the endpoints admin/status/realtime/bandwidth_status and admin/status/realtime/wireless_status of the web application are affected by a command injection vulnerability. | ||||
| CVE-2019-12266 | 1 Wyze | 6 Cam Pan V2, Cam Pan V2 Firmware, Cam V2 and 3 more | 2024-11-21 | 7.6 High |
| Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. | ||||
| CVE-2019-12263 | 5 Belden, Netapp, Siemens and 2 more | 50 Garrettcom Magnum Dx940e, Garrettcom Magnum Dx940e Firmware, Hirschmann Dragon Mach4000 and 47 more | 2024-11-21 | 8.1 High |
| Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. | ||||
| CVE-2019-12221 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. | ||||
| CVE-2019-12216 | 4 Canonical, Debian, Fedoraproject and 1 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c. | ||||
| CVE-2019-12211 | 2 Canonical, Freeimage Project | 2 Ubuntu Linux, Freeimage | 2024-11-21 | 7.5 High |
| When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow. | ||||
| CVE-2019-12208 | 1 F5 | 1 Njs | 2024-11-21 | N/A |
| njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c. | ||||
| CVE-2019-12206 | 1 F5 | 1 Njs | 2024-11-21 | N/A |
| njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c. | ||||
| CVE-2019-12181 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2024-11-21 | 8.8 High |
| A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux. | ||||
| CVE-2019-12158 | 1 Gohttp Project | 1 Gohttp | 2024-11-21 | N/A |
| GoHTTP through 2017-07-25 has a GetExtension heap-based buffer overflow via a long extension. | ||||
| CVE-2019-12132 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/dgUpload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | ||||
| CVE-2019-12123 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 8.8 High |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsXml with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | ||||
| CVE-2019-12113 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 8.8 High |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/printAsGv with a crafted module parameter, an authenticated user can execute an arbitrary command. All SDC setups that include admportal are affected. | ||||
| CVE-2019-12112 | 1 Onap | 1 Open Network Automation Platform | 2024-11-21 | 9.8 Critical |
| An issue was discovered in ONAP SDNC before Dublin. By executing sla/upload with a crafted filename parameter, an unauthenticated attacker can execute an arbitrary command. All SDC setups that include admportal are affected. | ||||