Export limit exceeded: 364785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 21125 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (21125 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-16733 2 Petwant, Skymee 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more 2024-11-21 9.8 Critical
processCommandSetUid() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
CVE-2019-16730 2 Petwant, Skymee 4 Pf-103, Pf-103 Firmware, Petalk Ai and 1 more 2024-11-21 9.8 Critical
processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to execute arbitrary system commands as the root user.
CVE-2019-16718 1 Radare 1 Radare2 2024-11-21 7.8 High
In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.
CVE-2019-16701 1 Netgate 1 Pfsense 2024-11-21 8.8 High
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_php call containing shell metacharacters in a parameter value.
CVE-2019-16663 1 Rconfig 1 Rconfig 2024-11-21 8.8 High
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to search.crud.php because the catCommand parameter is passed to the exec function without filtering, which can lead to command execution.
CVE-2019-16662 1 Rconfig 1 Rconfig 2024-11-21 9.8 Critical
An issue was discovered in rConfig 3.9.2. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution.
CVE-2019-16470 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2024-11-21 7.8 High
Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2019-16454 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2024-11-21 9.8 Critical
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-16451 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2024-11-21 9.8 Critical
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-16450 3 Adobe, Apple, Microsoft 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more 2024-11-21 9.8 Critical
Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-16395 1 Gnucobol Project 1 Gnucobol 2024-11-21 7.8 High
GnuCOBOL 2.2 has a stack-based buffer overflow in the cb_name() function in cobc/tree.c via crafted COBOL source code.
CVE-2019-16366 1 Moddable 2 Moddable, Xs 2024-11-21 9.8 Critical
In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.
CVE-2019-16352 1 Rockcarry 1 Ffjpeg 2024-11-21 6.5 Medium
ffjpeg before 2019-08-21 has a heap-based buffer overflow in jfif_load() at jfif.c.
CVE-2019-16347 1 Miniupnp Project 1 Ngiflib 2024-11-21 8.8 High
ngiflib 0.4 has a heap-based buffer overflow in WritePixels() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVE-2019-16346 1 Miniupnp Project 1 Ngiflib 2024-11-21 8.8 High
ngiflib 0.4 has a heap-based buffer overflow in WritePixel() in ngiflib.c when called from DecodeGifImg, because deinterlacing for small pictures is mishandled.
CVE-2019-16294 2 Notepad-plus-plus, Scintilla 2 Notepad\+\+, Scintilla 2024-11-21 7.8 High
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
CVE-2019-16293 1 Opmantek 1 Open-audit 2024-11-21 8.8 High
The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
CVE-2019-16277 1 Picoc Project 1 Picoc 2024-11-21 7.8 High
PicoC 2.1 has a heap-based buffer overflow in StringStrcpy in cstdlib/string.c when called from ExpressionParseFunctionCall in expression.c.
CVE-2019-16265 1 Codesys 2 Codesys, Eni Server 2024-11-21 9.8 Critical
CODESYS V2.3 ENI server up to V3.2.2.24 has a Buffer Overflow.
CVE-2019-16242 1 Alcatelmobile 2 Cingular Flip 2, Cingular Flip 2 Firmware 2024-11-21 6.8 Medium
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI.