U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
There are 243,472 matching records.
Displaying matches 120,481 through 120,500.
Vuln ID Summary CVSS Severity
CVE-2019-16718

In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.

Published: September 23, 2019; 10:15:10 AM -0400 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-16714

In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.

Published: September 23, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2019-16713

ImageMagick 7.0.8-43 has a memory leak in coders/dot.c, as demonstrated by PingImage in MagickCore/constitute.c.

Published: September 23, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16712

ImageMagick 7.0.8-43 has a memory leak in Huffman2DEncodeImage in coders/ps3.c, as demonstrated by WritePS3Image.

Published: September 23, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16711

ImageMagick 7.0.8-40 has a memory leak in Huffman2DEncodeImage in coders/ps2.c.

Published: September 23, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16710

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.

Published: September 23, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16709

ImageMagick 7.0.8-35 has a memory leak in coders/dps.c, as demonstrated by XCreateImage.

Published: September 23, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16708

ImageMagick 7.0.8-35 has a memory leak in magick/xwindow.c, related to XCreateImage.

Published: September 23, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16707

Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.

Published: September 23, 2019; 8:15:10 AM -0400 		V4.0:(not available)
 V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16706

kkcms v1.3 has a CSRF vulnerablity that can add an user account via admin/cms_user_add.php.

Published: September 23, 2019; 7:15:11 AM -0400 		V4.0:(not available)
 V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-16705

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a.

Published: September 23, 2019; 1:15:10 AM -0400 		V4.0:(not available)
 V3.1: 9.1 CRITICAL
V2.0: 6.4 MEDIUM
CVE-2019-16704

admin/infoclass_update.php in PHPMyWind 5.6 has stored XSS.

Published: September 23, 2019; 12:15:10 AM -0400 		V4.0:(not available)
 V3.1: 4.8 MEDIUM
V2.0: 3.5 LOW
CVE-2019-16703

admin/infolist_add.php in PHPMyWind 5.6 has stored XSS.

Published: September 23, 2019; 12:15:10 AM -0400 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-16702

Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI.

Published: September 22, 2019; 11:15:10 PM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-16696

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit.php table parameter when action=add is used.

Published: September 22, 2019; 11:15:14 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-16695

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter.php table parameter when action=add is used.

Published: September 22, 2019; 11:15:14 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-16694

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/edit-result.php table parameter when action=add is used.

Published: September 22, 2019; 11:15:13 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-16693

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/order.php table parameter when action=add is used.

Published: September 22, 2019; 11:15:13 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2019-16692

phpIPAM 1.4 allows SQL injection via the app/admin/custom-fields/filter-result.php table parameter when action=add is used.

Published: September 22, 2019; 11:15:13 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-21018

Mastodon before 2.6.3 mishandles timeouts of incompletely established sessions.

Published: September 22, 2019; 11:15:13 AM -0400 		V4.0:(not available)
 V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH