Export limit exceeded: 15284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15284 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1010022 | 1 Gnu | 1 Glibc | 2024-11-21 | N/A |
| GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat. | ||||
| CVE-2019-0971 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2024-11-21 | N/A |
| An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'. | ||||
| CVE-2019-0956 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2024-11-21 | N/A |
| An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'. | ||||
| CVE-2019-0857 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | N/A |
| A spoofing vulnerability that could allow a security feature bypass exists in when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Spoofing Vulnerability'. | ||||
| CVE-2019-0613 | 1 Microsoft | 10 .net Framework, Visual Studio 2017, Windows 10 and 7 more | 2024-11-21 | N/A |
| A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework and Visual Studio Remote Code Execution Vulnerability'. | ||||
| CVE-2019-0170 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-11-21 | N/A |
| Buffer overflow in subsystem in Intel(R) DAL before version 12.0.35 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-0153 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-11-21 | N/A |
| Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2019-0152 | 1 Intel | 260 Xeon Bronze 3104, Xeon Bronze 3104 Firmware, Xeon Bronze 3106 and 257 more | 2024-11-21 | 6.7 Medium |
| Insufficient memory protection in System Management Mode (SMM) and Intel(R) TXT for certain Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-0151 | 1 Intel | 888 Core I5-5300u, Core I5-5300u Firmware, Core I5-5350u and 885 more | 2024-11-21 | 6.7 Medium |
| Insufficient memory protection in Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-0119 | 1 Intel | 184 Hns2400lp, Hns2400lp Firmware, Hns2600bpb and 181 more | 2024-11-21 | N/A |
| Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. | ||||
| CVE-2019-0113 | 1 Intel | 1 Graphics Driver | 2024-11-21 | N/A |
| Insufficient bounds checking in Intel(R) Graphics Drivers before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable a denial of service via local access. | ||||
| CVE-2018-9974 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-5895. | ||||
| CVE-2018-9949 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIFF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5473. | ||||
| CVE-2018-9947 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5472. | ||||
| CVE-2018-9533 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520 | ||||
| CVE-2018-9516 | 4 Canonical, Debian, Google and 1 more | 5 Ubuntu Linux, Debian Linux, Android and 2 more | 2024-11-21 | N/A |
| In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. | ||||
| CVE-2018-9515 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A | ||||
| CVE-2018-9363 | 5 Canonical, Debian, Google and 2 more | 6 Ubuntu Linux, Debian Linux, Android and 3 more | 2024-11-21 | 8.4 High |
| In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. | ||||
| CVE-2018-9284 | 1 Dlink | 2 Dir-868l, Singapore Starhub Firmware | 2024-11-21 | 9.8 Critical |
| authentication.cgi on D-Link DIR-868L devices with Singapore StarHub firmware before v1.21SHCb03 allows remote attackers to execute arbitrary code. | ||||
| CVE-2018-9246 | 2 Ledgersmb, Pgobject-util-dbadmin Project | 2 Ledgersmb, Pgobject-util-dbadmin | 2024-11-21 | N/A |
| The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application. | ||||