Total
309476 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16162 | 1 K-takata | 1 Onigmo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Onigmo through 6.2.0 has an out-of-bounds read in parse_char_class because of missing codepoint validation in regenc.c. | |||||
| CVE-2019-16161 | 1 K-takata | 1 Onigmo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code_to_str because of fetch_token in regparse.c. | |||||
| CVE-2019-16160 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. | |||||
| CVE-2019-16159 | 4 Debian, Fedoraproject, Nic and 1 more | 4 Debian Linux, Fedora, Bird and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed. | |||||
| CVE-2019-16157 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | |||||
| CVE-2019-16156 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Input vulnerability in the Anomaly Detection Parameter Name in Fortinet FortiWeb 6.0.5, 6.2.0, and 6.1.1 may allow a remote unauthenticated attacker to perform a Cross Site Scripting attack (XSS). | |||||
| CVE-2019-16155 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| A privilege escalation vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to overwrite system files as root with arbitrary content through system backup file via specially crafted "BackupConfig" type IPC client requests to the fctsched process. Further more, FortiClient for Linux 6.2.2 and below allow low privilege user write the system backup file under root privilege through GUI thus can cause root system file overwrite. | |||||
| CVE-2019-16154 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input during web page generation in FortiAuthenticator WEB UI 6.0.0 may allow an unauthenticated user to perform a cross-site scripting attack (XSS) via a parameter of the logon page. | |||||
| CVE-2019-16153 | 1 Fortinet | 1 Fortisiem | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials. | |||||
| CVE-2019-16152 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A Denial of service (DoS) vulnerability in FortiClient for Linux 6.2.1 and below may allow an user with low privilege to cause FortiClient processes running under root privilege crashes via sending specially crafted IPC client requests to the fctsched process due the nanomsg not been correctly validated. | |||||
| CVE-2019-16150 | 1 Fortinet | 1 Forticlient | 2024-11-21 | 5.0 MEDIUM | 5.5 MEDIUM |
| Use of a hard-coded cryptographic key to encrypt security sensitive data in local storage and configuration in FortiClient for Windows prior to 6.4.0 may allow an attacker with access to the local storage or the configuration backup file to decrypt the sensitive data via knowledge of the hard-coded key. | |||||
| CVE-2019-16148 | 1 Sakailms | 1 Sakai | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sakai through 12.6 allows XSS via a chat user name. | |||||
| CVE-2019-16147 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. | |||||
| CVE-2019-16146 | 1 Getgophish | 1 Gophish | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Gophish through 0.8.0 allows XSS via a username. | |||||
| CVE-2019-16145 | 1 Padrinorb | 1 Padrino-contrib | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The breadcrumbs contributed module through 0.2.0 for Padrino Framework allows XSS via a caption. | |||||
| CVE-2019-16144 | 1 Generator-rs Project | 1 Generator-rs | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in the generator crate before 0.6.18 for Rust. Uninitialized memory is used by Scope, done, and yield_ during API calls. | |||||
| CVE-2019-16143 | 1 Blake2 | 1 Blake2-rust | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the blake2 crate before 0.8.1 for Rust. The BLAKE2b and BLAKE2s algorithms, when used with HMAC, produce incorrect results because the block sizes are half of the required sizes. | |||||
| CVE-2019-16142 | 1 Renderdocs-rs Project | 1 Renderdocs-rs | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the renderdoc crate before 0.5.0 for Rust. Multiple exposed methods take self by immutable reference, which is incompatible with a multi-threaded application. | |||||
| CVE-2019-16141 | 1 Once Cell Project | 1 Once Cell | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy. | |||||
| CVE-2019-16140 | 1 Isahc Project | 1 Isahc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the chttp crate before 0.1.3 for Rust. There is a use-after-free during buffer conversion. | |||||