Total: 317720 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8377 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_ipv6_l4proto() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-8376 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in Tcpreplay 4.3.1. A NULL pointer dereference occurred in the function get_layer4_v6() located at get.c. This can be triggered by sending a crafted pcap file to the tcpreplay-edit binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-8375 | 3 Canonical, Opensuse, Webkitgtk | 4 Ubuntu Linux, Leap, Webkitgtk and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany). | |||||
| CVE-2019-8372 | 1 Lg | 1 Lha.sys | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| The LHA.sys driver before 1.1.1811.2101 in LG Device Manager exposes functionality that allows low-privileged users to read and write arbitrary physical memory via specially crafted IOCTL requests and elevate system privileges. This occurs because the device object has an associated symbolic link and an open DACL. | |||||
| CVE-2019-8371 | 1 Open-emr | 1 Openemr | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| OpenEMR v5.0.1-6 allows code execution. | |||||
| CVE-2019-8368 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenEMR v5.0.1-6 allows XSS. | |||||
| CVE-2019-8363 | 1 Verydows | 1 Verydows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value. | |||||
| CVE-2019-8362 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content). | |||||
| CVE-2019-8361 | 1 Responsive Video News Script Project | 1 Responsive Video News Script | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection. | |||||
| CVE-2019-8360 | 1 Themerig | 1 Find A Place Cms Directory | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter. | |||||
| CVE-2019-8359 | 2 Contiki-ng, Contiki-os | 2 Contiki-ng, Contiki | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. An out of bounds write is present in the data section during 6LoWPAN fragment re-assembly in the face of forged fragment offsets in os/net/ipv6/sicslowpan.c. | |||||
| CVE-2019-8358 | 1 Hiawatha-webserver | 1 Hiawatha | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| In Hiawatha before 10.8.4, a remote attacker is able to do directory traversal if AllowDotFiles is enabled. | |||||
| CVE-2019-8357 | 1 Sound Exchange Project | 1 Sound Exchange | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference. | |||||
| CVE-2019-8356 | 1 Sound Exchange Project | 1 Sound Exchange | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow. | |||||
| CVE-2019-8355 | 1 Sound Exchange Project | 1 Sound Exchange | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c. | |||||
| CVE-2019-8354 | 3 Canonical, Debian, Sound Exchange Project | 3 Ubuntu Linux, Debian Linux, Sound Exchange | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
| An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow. | |||||
| CVE-2019-8352 | 1 Bmc | 1 Patrol Agent | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network. | |||||
| CVE-2019-8351 | 1 Heimdalsecurity | 1 Thor | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Heimdal Thor Agent 2.5.17x before 2.5.173 does not verify X.509 certificates from TLS servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2019-8350 | 1 Simple | 1 Better Banking | 2024-11-21 | 2.1 LOW | 6.6 MEDIUM |
| The Simple - Better Banking application 2.45.0 through 2.45.3 (fixed in 2.46.0) for Android was affected by an information disclosure vulnerability that leaked the user's password to the keyboard autocomplete functionality. Third-party Android keyboards that capture the password may store this password in cleartext, or transmit the password to third-party services for keyboard customization purposes. A compromise of any datastore that contains keyboard autocompletion caches would result in the disclosure of the user's Simple Bank password. | |||||
| CVE-2019-8349 | 1 Htmly | 1 Htmly | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature. | |||||
