Search Results (83483 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-9209 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2024-11-21 5.5 Medium
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
CVE-2019-9207 1 Paessler 1 Prtg Network Monitor 2024-11-21 6.1 Medium
PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued.
CVE-2019-9206 1 Paessler 1 Prtg Network Monitor 2024-11-21 6.1 Medium
PRTG Network Monitor v7.1.3.3378 allows XSS via the /public/login.htm errormsg or loginurl parameter. NOTE: This product is discontinued.
CVE-2019-9200 4 Canonical, Debian, Freedesktop and 1 more 4 Ubuntu Linux, Debian Linux, Poppler and 1 more 2024-11-21 N/A
A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2019-9197 2 Microsoft, Unity3d 2 Windows, Unity Editor 2024-11-21 8.8 High
The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code.
CVE-2019-9194 1 Std42 1 Elfinder 2024-11-21 N/A
elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.
CVE-2019-9193 1 Postgresql 1 Postgresql 2024-11-21 N/A
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for ‘COPY TO/FROM PROGRAM’ is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the ‘COPY FROM PROGRAM’.
CVE-2019-9183 2 Contiki-ng, Contiki-os 2 Contiki-ng, Contiki 2024-11-21 7.5 High
An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame.
CVE-2019-9168 1 Woocommerce 1 Woocommerce 2024-11-21 N/A
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.
CVE-2019-9167 1 Nagios 1 Nagios Xi 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter.
CVE-2019-9166 1 Nagios 1 Nagios Xi 2024-11-21 7.8 High
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and import_xiconfig.php.
CVE-2019-9164 1 Nagios 1 Nagios Xi 2024-11-21 8.8 High
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job.
CVE-2019-9162 3 Canonical, Linux, Netapp 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more 2024-11-21 7.8 High
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
CVE-2019-9161 1 Xinruidz 2 Sundray Wan Controller, Sundray Wan Controller Firmware 2024-11-21 N/A
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.xml file containing the admin password. (The password for root is the WebUI admin password concatenated with a static string.)
CVE-2019-9160 1 Xinruidz 2 Sundray Wan Controller, Sundray Wan Controller Firmware 2024-11-21 N/A
WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).
CVE-2019-9156 1 Gemalto 1 Ezio Ds3 Server 2024-11-21 N/A
Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection.
CVE-2019-9145 1 Hsycms 1 Hsycms 2024-11-21 N/A
An issue was discovered in Hsycms V1.1. There is an XSS vulnerability via the name field to the /book page.
CVE-2019-9142 1 B3log 1 Symphony 2024-11-21 N/A
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7. XSS exists via the userIntro and userNickname fields to processor/SettingsProcessor.java.
CVE-2019-9136 1 Datools 1 Daviewindy 2024-11-21 7.8 High
DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
CVE-2019-9135 1 Datools 1 Daviewindy 2024-11-21 7.8 High
DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.