Export limit exceeded: 208118 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 208371 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (208438 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-15368 1 Asrock 2 Rgb Driver, Rgb Driver Firmware 2026-05-28 6.1 Medium
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.
CVE-2021-22897 5 Haxx, Netapp, Oracle and 2 more 30 Curl, Cloud Backup, H300e and 27 more 2026-05-28 5.3 Medium
curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.
CVE-2021-31946 1 Microsoft 1 Paint 3d 2026-05-28 7.8 High
Paint 3D Remote Code Execution Vulnerability
CVE-2021-31944 1 Microsoft 1 3d Viewer 2026-05-28 5 Medium
3D Viewer Information Disclosure Vulnerability
CVE-2021-31942 1 Microsoft 1 3d Viewer 2026-05-28 7.8 High
3D Viewer Remote Code Execution Vulnerability
CVE-2021-28465 1 Microsoft 1 Web Media Extensions 2026-05-28 7.8 High
Web Media Extensions Remote Code Execution Vulnerability
CVE-2021-28464 1 Microsoft 1 Vp9 Video Extensions 2026-05-28 7.8 High
VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2021-26701 3 Fedoraproject, Microsoft, Redhat 8 Fedora, .net, .net Core and 5 more 2026-05-28 8.1 High
.NET Core Remote Code Execution Vulnerability
CVE-2021-1721 2 Microsoft, Redhat 7 .net, .net Core, Powershell Core and 4 more 2026-05-28 6.5 Medium
.NET Core and Visual Studio Denial of Service Vulnerability
CVE-2019-7317 11 Canonical, Debian, Hp and 8 more 35 Ubuntu Linux, Debian Linux, Xp7 Command View and 32 more 2026-05-28 5.3 Medium
png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2019-6109 9 Canonical, Debian, Fedoraproject and 6 more 28 Ubuntu Linux, Debian Linux, Fedora and 25 more 2026-05-28 6.8 Medium
An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c.
CVE-2019-19378 1 Linux 1 Linux Kernel 2026-05-28 7.8 High
In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c.
CVE-2019-18197 5 Canonical, Debian, Linux and 2 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2026-05-28 7.5 High
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
CVE-2019-17571 7 Apache, Canonical, Debian and 4 more 26 Bookkeeper, Log4j, Ubuntu Linux and 23 more 2026-05-28 9.8 Critical
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CVE-2019-16230 1 Linux 1 Linux Kernel 2026-05-28 4.7 Medium
drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference. NOTE: A third-party software maintainer states that the work queue allocation is happening during device initialization, which for a graphics card occurs during boot. It is not attacker controllable and OOM at that time is highly unlikely
CVE-2019-16168 9 Canonical, Debian, Fedoraproject and 6 more 21 Ubuntu Linux, Debian Linux, Fedora and 18 more 2026-05-28 6.5 Medium
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
CVE-2019-15213 3 Linux, Netapp, Opensuse 8 Linux Kernel, Active Iq Unified Manager, Data Availability Services and 5 more 2026-05-28 4.6 Medium
An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.
CVE-2019-13721 2 Google, Redhat 2 Chrome, Rhel Extras 2026-05-28 8.8 High
Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-13118 7 Apple, Canonical, Fedoraproject and 4 more 25 Icloud, Iphone Os, Itunes and 22 more 2026-05-28 5.3 Medium
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
CVE-2019-13117 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2026-05-28 5.3 Medium
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.