Search Results (83155 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-13150 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication). The command injection exists in the key ip_addr.
CVE-2019-13149 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the key passwd in Routing RIP Settings.
CVE-2019-13148 1 Trendnet 2 Tew-827dru, Tew-827dru Firmware 2024-11-21 N/A
An issue was discovered in TRENDnet TEW-827DRU firmware before 2.05B11. There is a command injection in apply.cgi (exploitable with authentication) via the UDP Ports To Open in Add Gaming Rule.
CVE-2019-13146 1 Field Test Project 1 Field Test 2024-11-21 N/A
The field_test gem 0.3.0 for Ruby has unvalidated input. A method call that is expected to return a value from a certain set of inputs can be made to return any input, which can be dangerous depending on how applications use it. If an application treats arbitrary variants as trusted, this can lead to a variety of potential vulnerabilities like SQL injection or cross-site scripting (XSS).
CVE-2019-13142 1 Razer 1 Surround 2024-11-21 N/A
The RzSurroundVADStreamingService (RzSurroundVADStreamingService.exe) in Razer Surround 1.1.63.0 runs as the SYSTEM user using an executable located in %PROGRAMDATA%\Razer\Synapse\Devices\Razer Surround\Driver\. The DACL on this folder allows any user to overwrite contents of files in this folder, resulting in Elevation of Privilege.
CVE-2019-13139 2 Docker, Redhat 2 Docker, Rhel Extras Other 2024-11-21 N/A
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.
CVE-2019-13137 3 Canonical, Debian, Imagemagick 3 Ubuntu Linux, Debian Linux, Imagemagick 2024-11-21 6.5 Medium
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadPSImage in coders/ps.c.
CVE-2019-13134 3 Imagemagick, Opensuse, Redhat 3 Imagemagick, Leap, Enterprise Linux 2024-11-21 5.5 Medium
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
CVE-2019-13133 3 Imagemagick, Opensuse, Redhat 3 Imagemagick, Leap, Enterprise Linux 2024-11-21 5.5 Medium
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
CVE-2019-13132 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 9.8 Critical
In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due to a buffer overflow in the library. Users running public servers with the above configuration are highly encouraged to upgrade as soon as possible, as there are no known mitigations.
CVE-2019-13128 1 Dlink 2 Dir-823g, Dir-823g Firmware 2024-11-21 N/A
An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the IPAddress or Gateway field to SetStaticRouteSettings.
CVE-2019-13127 2 Draw, Jgraph 2 Draw.io Diagrams, Mxgraph 2024-11-21 N/A
An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js.
CVE-2019-13122 1 Ozlabs 1 Patchwork 2024-11-21 N/A
A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msgid in templatetags/patch.py. Patchwork versions v2.1.4 and v2.0.4 will contain the fix.
CVE-2019-13115 5 Debian, F5, Fedoraproject and 2 more 7 Debian Linux, Traffix Systems Signaling Delivery Controller, Fedora and 4 more 2024-11-21 8.1 High
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.
CVE-2019-13112 5 Canonical, Debian, Exiv2 and 2 more 5 Ubuntu Linux, Debian Linux, Exiv2 and 2 more 2024-11-21 6.5 Medium
A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (crash due to an std::bad_alloc exception) via a crafted PNG image file.
CVE-2019-13085 1 Xnview 1 Xnview 2024-11-21 N/A
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000030ecfa.
CVE-2019-13084 1 Xnview 1 Xnview 2024-11-21 N/A
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x000000000026b739.
CVE-2019-13083 1 Xnview 1 Xnview 2024-11-21 N/A
XnView Classic 2.48 has a User Mode Write AV starting at xnview+0x0000000000384e2a.
CVE-2019-13081 1 Quest 1 Kace Systems Management Appliance 2024-11-21 5.4 Medium
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via the title field in the /common/ticket_associated_tickets.php service desk ticket functionality) that allows an authenticated user to execute arbitrary JavaScript in a service desk user's browser.
CVE-2019-13080 1 Quest 1 Kace Systems Management Appliance 2024-11-21 5.4 Medium
Quest KACE Systems Management Appliance Server Center 9.1.317 has an XSS vulnerability (via an SVG image and HTML file) that allows an authenticated user to execute arbitrary JavaScript in an administrator's browser.