Count: 18,768
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2019-17362 | CVSS3: 9.1 | 0% Low | about 4 years ago |
| CVE-2019-16910: Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) | | 1% Low | 5 months ago |
| CVE-2019-16905 | CVSS3: 7.8 | 0% Low | more than 5 years ago |
| CVE-2019-16884 | CVSS3: 7.5 | 1% Low | more than 4 years ago |
| CVE-2019-16707: Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx. | CVSS3: 6.5 | 1% Low | 5 months ago |
| CVE-2019-16276 | CVSS3: 7.5 | 11% Medium | more than 1 year ago |
| CVE-2019-16275 | CVSS3: 6.5 | 1% Low | more than 5 years ago |
| CVE-2019-16255 | CVSS3: 8.1 | 1% Low | more than 5 years ago |
| CVE-2019-16254 | CVSS3: 5.3 | 1% Low | more than 5 years ago |
| CVE-2019-16201 | CVSS3: 7.5 | 1% Low | more than 5 years ago |
| CVE-2019-16168 | CVSS3: 6.5 | 1% Low | more than 1 year ago |
| CVE-2019-15961 | CVSS3: 6.5 | 2% Low | more than 5 years ago |
| CVE-2019-15903: In libexpat before 2.2.8 crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. | CVSS3: 7.5 | 0% Low | about 4 years ago |
| CVE-2019-15847 | CVSS3: 7.5 | 1% Low | more than 5 years ago |
| CVE-2019-15845 | CVSS3: 6.5 | 0% Low | more than 5 years ago |
| CVE-2019-15485: Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php | CVSS3: 6.1 | 0% Low | 4 months ago |
| CVE-2019-15484: Bolt before 3.6.10 has XSS via an image's alt or title field. | CVSS3: 6.1 | 0% Low | 4 months ago |
| CVE-2019-15483: Bolt before 3.6.10 has XSS via a title that is mishandled in the system log | CVSS3: 6.1 | 0% Low | 4 months ago |
| CVE-2019-1547: ECDSA remote timing attack | | 0% Low | 5 months ago |
| CVE-2019-15126: MITRE: CVE-2019-15126 Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device | | 9% Low | almost 3 years ago |