Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 42196 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (42196 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11734 | 1 Mozilla | 1 Firefox | 2024-11-21 | 9.8 Critical |
| Mozilla developers and community members reported memory safety bugs present in Firefox 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69. | ||||
| CVE-2019-11721 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 6.5 Medium |
| The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11720 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 6.1 Medium |
| Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11718 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 5.3 Medium |
| Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access to other information available to the Activity Stream, such as browsing history, if the Snipper Service were compromised. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11710 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2024-11-21 | 9.8 Critical |
| Mozilla developers and community members reported memory safety bugs present in Firefox 67. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 68. | ||||
| CVE-2019-11705 | 2 Mozilla, Redhat | 2 Thunderbird, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1. | ||||
| CVE-2019-11704 | 2 Mozilla, Redhat | 2 Thunderbird, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1. | ||||
| CVE-2019-11703 | 2 Mozilla, Redhat | 2 Thunderbird, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1. | ||||
| CVE-2019-11683 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 9.8 Critical |
| udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue. | ||||
| CVE-2019-11638 | 1 Gnu | 1 Recutils | 2024-11-21 | N/A |
| An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_field_name_equal_p at rec-field-name.c in librec.a, leading to a crash. | ||||
| CVE-2019-11637 | 1 Gnu | 1 Recutils | 2024-11-21 | N/A |
| An issue was discovered in GNU recutils 1.8. There is a NULL pointer dereference in the function rec_rset_get_props at rec-rset.c in librec.a, leading to a crash. | ||||
| CVE-2019-11618 | 1 Doorgets | 1 Doorgets Cms | 2024-11-21 | N/A |
| doorGets 7.0 has a default administrator credential vulnerability. A remote attacker can use this vulnerability to gain administrator privileges for the creation and modification of articles via an H0XZlT44FcN1j9LTdFc5XRXhlF30UaGe1g3cZY6i1K9 access_token in a uri=blog&action=index&controller=blog action to /api/index.php. | ||||
| CVE-2019-11598 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2024-11-21 | N/A |
| In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-read in the function WritePNMImage of coders/pnm.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. This is related to SetGrayscaleImage in MagickCore/quantize.c. | ||||
| CVE-2019-11597 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2024-11-21 | N/A |
| In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in the function WriteTIFFImage of coders/tiff.c, which allows an attacker to cause a denial of service or possibly information disclosure via a crafted image file. | ||||
| CVE-2019-11579 | 2 Debian, Dhcpcd Project | 2 Debian Linux, Dhcpcd | 2024-11-21 | 5.3 Medium |
| dhcp.c in dhcpcd before 7.2.1 contains a 1-byte read overflow with DHO_OPTSOVERLOADED. | ||||
| CVE-2019-11577 | 1 Dhcpcd Project | 1 Dhcpcd | 2024-11-21 | N/A |
| dhcpcd before 7.2.1 contains a buffer overflow in dhcp6_findna in dhcp6.c when reading NA/TA addresses. | ||||
| CVE-2019-11547 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.1 Medium |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It has Improper Encoding or Escaping of Output. The branch name on new merge request notification emails isn't escaped, which could potentially lead to XSS issues. | ||||
| CVE-2019-11493 | 1 Verypdf | 1 Verypdf | 2024-11-21 | N/A |
| VeryPDF 4.1 has a Memory Overflow leading to Code Execution because pdfocx!CxImageTIF::operator in pdfocx.ocx (used by pdfeditor.exe and pdfcmd.exe) is mishandled. | ||||
| CVE-2019-11484 | 2 Canonical, Whoopsie Project | 2 Ubuntu Linux, Whoopsie | 2024-11-21 | 6.3 Medium |
| Kevin Backhouse discovered an integer overflow in bson_ensure_space, as used in whoopsie. | ||||
| CVE-2019-11477 | 6 Canonical, F5, Ivanti and 3 more | 29 Ubuntu Linux, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 26 more | 2024-11-21 | 7.5 High |
| Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff. | ||||