Export limit exceeded: 35281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20396 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-5048 | 1 Gonitro | 1 Nitropdf | 2024-11-21 | 7.8 High |
| A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | ||||
| CVE-2019-5046 | 1 Gonitro | 1 Nitropdf | 2024-11-21 | 7.8 High |
| A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | ||||
| CVE-2019-5045 | 1 Gonitro | 1 Nitropdf | 2024-11-21 | 7.8 High |
| A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | ||||
| CVE-2019-5041 | 1 Aspose | 1 Aspose.words | 2024-11-21 | 8.8 High |
| An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability. | ||||
| CVE-2019-5039 | 1 Openweave | 1 Openweave-core | 2024-11-21 | 8.8 High |
| An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability. | ||||
| CVE-2019-5038 | 1 Openweave | 1 Openweave-core | 2024-11-21 | 8.8 High |
| An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command. | ||||
| CVE-2019-5030 | 1 Antennahouse | 1 Rainbow Pdf Office Server Document Converter | 2024-11-21 | 8.8 High |
| A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution. | ||||
| CVE-2019-5029 | 1 Exhibitor Project | 1 Exhibitor | 2024-11-21 | 9.8 Critical |
| An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker can execute any command as the user running the Exhibitor process. | ||||
| CVE-2019-5019 | 1 Rainbowpdf | 1 Office Server Document Converter | 2024-11-21 | 9.8 Critical |
| A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly checking the correlation between size and the number of properties in PropertySet packets, causing an out-of-bounds write that leads to heap corruption and consequent code execution. | ||||
| CVE-2019-5005 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2024-11-21 | N/A |
| An issue was discovered in Foxit Reader and PhantomPDF before 9.4 on Windows. They allowed Denial of Service (application crash) via image data, because two bytes are written to the end of the allocated memory without judging whether this will cause corruption. | ||||
| CVE-2019-4715 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 8.8 High |
| IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093. | ||||
| CVE-2019-4294 | 1 Ibm | 2 Datapower Gateway, Mq Appliance | 2024-11-21 | 7.8 High |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.6, 7.6.0.0 through 7.6.0.15 and IBM MQ Appliance 8.0.0.0 through 8.0.0.12, 9.1.0.0 through 9.1.0.2, and 9.1.1 through 9.1.2 could allow a local attacker to execute arbitrary commands on the system, caused by a command injection vulnerability. IBM X-Force ID: 16188. | ||||
| CVE-2019-4202 | 1 Ibm | 1 Api Connect | 2024-11-21 | 10.0 Critical |
| IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123. | ||||
| CVE-2019-4087 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-11-21 | 9.8 Critical |
| IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by servers and storage agents in response to specifically crafted communication exchanges. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. IBM X-Force ID: 157510. | ||||
| CVE-2019-3999 | 2 Druva, Microsoft | 2 Insync Client, Windows | 2024-11-21 | 7.8 High |
| Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. | ||||
| CVE-2019-3989 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2024-11-21 | 9.8 Critical |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data. | ||||
| CVE-2019-3988 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2024-11-21 | 8.8 High |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter. | ||||
| CVE-2019-3987 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2024-11-21 | 8.8 High |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter. | ||||
| CVE-2019-3986 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2024-11-21 | 8.8 High |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter. | ||||
| CVE-2019-3985 | 1 Amazon | 2 Blink Xt2 Sync Module, Blink Xt2 Sync Module Firmware | 2024-11-21 | 8.8 High |
| Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter. | ||||