ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2019-25001 | An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can ca... | E | |
CVE-2019-25002 | An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq comp... | S | |
CVE-2019-25003 | An issue was discovered in the libsecp256k1 crate before 0.3.1 for Rust. Scalar::check_overflow allo... | | |
CVE-2019-25004 | An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reint... | E | |
CVE-2019-25005 | An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow mak... | | |
CVE-2019-25006 | An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can ... | E | |
CVE-2019-25007 | An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can ... | E | |
CVE-2019-25008 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-25574. Reason: This candidat... | R | |
CVE-2019-25009 | An issue was discovered in the http crate before 0.1.20 for Rust. The HeaderMap::Drain API can use a... | | |
CVE-2019-25010 | An issue was discovered in the failure crate through 2019-11-13 for Rust. Type confusion can occur w... | S | |
CVE-2019-25011 | NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GF... | E | |
CVE-2019-25012 | The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by vis... | | |
CVE-2019-25013 | The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid mu... | S | |
CVE-2019-25014 | A NULL pointer dereference was found in pkg/proxy/envoy/v2/debug.go getResourceVersion in Istio pilo... | S | |
CVE-2019-25015 | LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.... | E S | |
CVE-2019-25016 | In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated execu... | E S | |
CVE-2019-25017 | An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being d... | E | |
CVE-2019-25018 | In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access res... | E | |
CVE-2019-25019 | LimeSurvey before 4.0.0-RC4 allows SQL injection via the participant model.... | | |
CVE-2019-25020 | An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authenticat... | E | |
CVE-2019-25021 | An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an at... | E | |
CVE-2019-25022 | An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creati... | E | |
CVE-2019-25023 | An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (w... | E | |
CVE-2019-25024 | OpenRepeater (ORP) before 2.2 allows unauthenticated command injection via shell metacharacters in t... | E | |
CVE-2019-25025 | The activerecord-session_store (aka Active Record Session Store) component through 1.1.3 for Ruby on... | S | |
CVE-2019-25026 | Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting.... | | |
CVE-2019-25027 | Reflected cross-site scripting in default RouteNotFoundError view in Vaadin 10 and 11-13 | S | |
CVE-2019-25028 | Stored cross-site scripting in Grid component in Vaadin 7 and 8 | S | |
CVE-2019-25029 | In Versa Director, the command injection is an attack in which the goal is execution of arbitrary co... | | |
CVE-2019-25030 | In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic... | | |
CVE-2019-25031 | Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successfu... | | |
CVE-2019-25032 | Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: ... | | |
CVE-2019-25033 | Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NO... | | |
CVE-2019-25034 | Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an ou... | S | |
CVE-2019-25035 | Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor dispute... | | |
CVE-2019-25036 | Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The ven... | S | |
CVE-2019-25037 | Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an inva... | S | |
CVE-2019-25038 | Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: ... | S | |
CVE-2019-25039 | Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The ... | S | |
CVE-2019-25040 | Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vend... | S | |
CVE-2019-25041 | Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The ... | S | |
CVE-2019-25042 | Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The ve... | | |
CVE-2019-25043 | ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a "string index o... | E | |
CVE-2019-25044 | The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary c... | E S | |
CVE-2019-25045 | An issue was discovered in the Linux kernel before 5.0.19. The XFRM subsystem has a use-after-free, ... | E S | |
CVE-2019-25046 | The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS vi... | M | |
CVE-2019-25047 | Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS durin... | E S | |
CVE-2019-25048 | LibreSSL 2.9.1 through 3.2.1 has a heap-based buffer over-read in do_print_ex (called from asn1_item... | E S | |
CVE-2019-25049 | LibreSSL 2.9.1 through 3.2.1 has an out-of-bounds read in asn1_item_print_ctx (called from asn1_temp... | E S | |
CVE-2019-25050 | netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4_get_att (called from nc4... | S | |
CVE-2019-25051 | objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called... | S | |
CVE-2019-25052 | In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call updat... | S | |
CVE-2019-25053 | A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unau... | | |
CVE-2019-25054 | An issue was discovered in the pnet crate before 0.27.2 for Rust. There is a segmentation fault (upo... | | |
CVE-2019-25055 | An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic t... | S | |
CVE-2019-25056 | In Bromite through 78.0.3904.130, there are adblock rules in the release APK; therefore, probing whi... | | |
CVE-2019-25057 | In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled Custo... | | |
CVE-2019-25058 | An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, ... | E S | |
CVE-2019-25059 | Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an inc... | | |
CVE-2019-25060 | WP-GraphQL < 0.3.5 - Improper Access Control | E | |
CVE-2019-25061 | The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#r... | E | |
CVE-2019-25062 | Sricam IP CCTV Camera Device Viewer stack-based overflow | | |
CVE-2019-25063 | Sricam IP CCTV Camera Device Viewer memory corruption | | |
CVE-2019-25064 | CoreHR Core Portal cross-site request forgery | | |
CVE-2019-25065 | OpenNetAdmin os command injection | E | |
CVE-2019-25066 | ajenti API privileges management | E S | |
CVE-2019-25067 | Podman/Varlink API Privilege Escalation | E | |
CVE-2019-25068 | Axios Italia Axios RE Connection REDefault.aspx privileges management | | |
CVE-2019-25069 | Axios Italia Axios RE Error Message ASP.NET information disclosure | | |
CVE-2019-25070 | WolfCMS User Add cross site scripting | E | |
CVE-2019-25071 | Apple iOS Siri Self privileges management | | |
CVE-2019-25072 | Uncontrolled resource consumption in github.com/tendermint/tendermint | S | |
CVE-2019-25073 | Path traversal in github.com/goadesign/goa | E S | |
CVE-2019-25075 | HTML injection combined with path traversal in the Email service in Gravitee API Management before 1... | | |
CVE-2019-25076 | The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote at... | E | |
CVE-2019-25078 | pacparser pacparser.c pacparser_find_proxy buffer overflow | E S | |
CVE-2019-25079 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2019-25080 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2019-25081 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2019-25082 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2019-25083 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2019-25084 | Hide Files on GitHub options.js addEventListener cross site scripting | S | |
CVE-2019-25085 | GNOME gvdb gvdb-builder.c gvdb_table_write_contents_async use after free | S | |
CVE-2019-25086 | IET-OU Open Media Player timedtext.php webvtt cross site scripting | S | |
CVE-2019-25087 | RamseyK httpserver URI ResourceHost.cpp getResource path traversal | S | |
CVE-2019-25088 | ytti Oxidized Web conf_search.haml cross site scripting | S | |
CVE-2019-25089 | Morgawr Muon handler.clj random values | S | |
CVE-2019-25090 | FreePBX arimanager Views cross site scripting | S | |
CVE-2019-25091 | nsupdate.info CSRF Cookie base.py cookie httponly flag | S | |
CVE-2019-25092 | Nakiami Mellivora Admin Panel user.inc.php print_user_ip_log cross site scripting | S | |
CVE-2019-25093 | dragonexpert Recent Threads on Index Setting hooks.php recentthread_list_threads cross site scripting | S | |
CVE-2019-25094 | innologi appointments Extension Appointment cross site scripting | S | |
CVE-2019-25095 | kakwa LdapCherry URL cross site scripting | S | |
CVE-2019-25096 | soerennb eXtplorer cross site scripting | S | |
CVE-2019-25097 | soerennb eXtplorer Directory Content path traversal | S | |
CVE-2019-25098 | soerennb eXtplorer Archive archive.php path traversal | S | |
CVE-2019-25099 | Arthmoor QSF-Portal index.php path traversal | S | |
CVE-2019-25100 | happyman twmap pointdata2.php sql injection | S | |
CVE-2019-25101 | OnShift TurboGears HTTP Header controllers.py response splitting | S | |
CVE-2019-25102 | simple-markdown simple-markdown.js redos | E S | |
CVE-2019-25103 | simple-markdown simple-markdown.js redos | S | |
CVE-2019-25104 | rtcwcoop Team Command ai_cast_script.c AICast_ScriptLoad denial of service | E S | |
CVE-2019-25105 | dro.pm fileman.php cross site scripting | S | |
CVE-2019-25136 | A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in... | | |
CVE-2019-25137 | Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated admini... | E | |
CVE-2019-25138 | The User Submitted Posts plugin for WordPress is vulnerable to arbitrary file uploads due to missing... | E | |
CVE-2019-25139 | The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthenticated settin... | E S | |
CVE-2019-25140 | The WordPress Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to Stored Cross... | E S | |
CVE-2019-25141 | The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and i... | E S | |
CVE-2019-25142 | The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in ve... | E S | |
CVE-2019-25143 | The GDPR Cookie Compliance plugin for WordPress is vulnerable to authorization bypass due to a missi... | E | |
CVE-2019-25144 | The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and includi... | E | |
CVE-2019-25145 | The Contact Form & SMTP Plugin by PirateForms plugin for WordPress is vulnerable to HTML injection i... | E | |
CVE-2019-25146 | The DELUCKS SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saveSettin... | E S | |
CVE-2019-25147 | The Pretty Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via various IP he... | E S | |
CVE-2019-25148 | The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and includi... | E | |
CVE-2019-25149 | The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versio... | E | |
CVE-2019-25150 | The Email Templates plugin for WordPress is vulnerable to HTML Injection in versions up to, and incl... | E | |
CVE-2019-25151 | The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capab... | E | |
CVE-2019-25152 | The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress... | E S | |
CVE-2019-25154 | Inappropriate implementation in iframe in Google Chrome prior to 77.0.3865.75 allowed a remote attac... | | |
CVE-2019-25155 | DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because link... | S | |
CVE-2019-25156 | dstar2018 Agency search.php cross site scripting | S | |
CVE-2019-25157 | Ethex Contracts Monthly Jackpot EthexJackpot.sol access control | E S | |
CVE-2019-25158 | pedroetb tts-api app.js onSpeechDone os command injection | S | |
CVE-2019-25159 | mpedraza2020 Intranet del Monterroso cargos.php sql injection | S | |
CVE-2019-25160 | netlabel: fix out-of-bounds memory accesses | S | |
CVE-2019-25161 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.... | R | |
CVE-2019-25162 | i2c: Fix a potential use after free | S | |
CVE-2019-25210 | An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays... | | |
CVE-2019-25211 | parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an ... | | |
CVE-2019-25212 | video carousel slider with lightbox <= 1.0.6 - Authenticated (Admin+) SQL Injection | S | |
CVE-2019-25213 | Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read | S | |
CVE-2019-25214 | ShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site Scripting | | |
CVE-2019-25215 | ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions | | |
CVE-2019-25216 | Rich Reviews <= 1.7.4 - Stored Cross-Site Scripting | | |
CVE-2019-25217 | SiteGround Optimizer <= 5.0.12 - Missing Authorization | | |
CVE-2019-25218 | Photo Gallery Slideshow & Masonry Tiled Gallery <= 1.0.3 - Authenticated (Admin+) SQL Injection | | |
CVE-2019-25219 | Asio C++ Library before 1.13.0 lacks a fallback error code in the case of SSL_ERROR_SYSCALL with no ... | | |
CVE-2019-25220 | Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a... | | |
CVE-2019-25221 | Responsive Filterable Portfolio <= 1.0.8 - Authenticated (Admin+) SQL Injection | | |
CVE-2019-25222 | Thumbnail carousel slider <= 1.0.4 - Authenticated (Admin+) SQL Injection | | |
CVE-2019-25223 | Team Circle Image Slider With Lightbox <= 1.0.4 - Authenticated (Admin+) SQL Injection | | |