Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3305 | 1 Pixelpost | 1 Pixelpost | 2019-11-14 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in pixelpost 1.7.3 could allow remote attackers to change the admin password. | |||||
| CVE-2019-4652 | 2 Ibm, Linux | 2 Spectrum Protect Plus, Linux Kernel | 2019-11-14 | 3.6 LOW | 7.1 HIGH |
| IBM Spectrum Protect Plus 10.1.0 through 10.1.4 uses insecure file permissions on restored files and directories in Windows which could allow a local user to obtain sensitive information or perform unauthorized actions. IBM X-Force ID: 170963. | |||||
| CVE-2019-18421 | 1 Xen | 1 Xen | 2019-11-14 | 7.1 HIGH | 7.5 HIGH |
| An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations. There are issues with restartable PV type change operations. To avoid using shadow pagetables for PV guests, Xen exposes the actual hardware pagetables to the guest. In order to prevent the guest from modifying these page tables directly, Xen keeps track of how pages are used using a type system; pages must be "promoted" before being used as a pagetable, and "demoted" before being used for any other type. Xen also allows for "recursive" promotions: i.e., an operating system promoting a page to an L4 pagetable may end up causing pages to be promoted to L3s, which may in turn cause pages to be promoted to L2s, and so on. These operations may take an arbitrarily large amount of time, and so must be re-startable. Unfortunately, making recursive pagetable promotion and demotion operations restartable is incredibly complicated, and the code contains several races which, if triggered, can cause Xen to drop or retain extra type counts, potentially allowing guests to get write access to in-use pagetables. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All x86 systems with untrusted PV guests are vulnerable. HVM and PVH guests cannot exercise this vulnerability. | |||||
| CVE-2012-1572 | 2 Debian, Openstack | 2 Debian Linux, Keystone | 2019-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| OpenStack Keystone: extremely long passwords can crash Keystone by exhausting stack space | |||||
| CVE-2014-7143 | 1 Twistedmatrix | 1 Twisted | 2019-11-14 | 5.0 MEDIUM | 7.5 HIGH |
| Python Twisted 14.0 trustRoot is not respected in HTTP client | |||||
| CVE-2019-16205 | 1 Broadcom | 1 Brocade Sannav | 2019-11-14 | 4.3 MEDIUM | 8.8 HIGH |
| A vulnerability, in Brocade SANnav versions before v2.0, could allow remote attackers to brute-force a valid session ID. The vulnerability is due to an insufficiently random session ID for several post-authentication actions in the SANnav portal. | |||||
| CVE-2017-8001 | 2 Dell, Linux | 2 Emc Scaleio, Linux Kernel | 2019-11-14 | 2.1 LOW | 8.4 HIGH |
| An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the server where the script was executed to recover exposed credentials. | |||||
| CVE-2019-3426 | 1 Zte | 2 Zxupn-9000e, Zxupn-9000e Firmware | 2019-11-14 | 7.5 HIGH | 8.8 HIGH |
| The 9000EV5.0R1B12 version, and all earlier versions of ZTE product ZXUPN-9000E are impacted by the input validation vulnerability. An attacker could exploit this vulnerability for unauthorized operations. | |||||
| CVE-2019-1441 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-11-14 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Win32k Graphics Remote Code Execution Vulnerability'. | |||||
| CVE-2019-13543 | 1 Medtronic | 5 Valleylab Exchange Client, Valleylab Ft10 Energy Platform, Valleylab Ft10 Energy Platform Firmware and 2 more | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. | |||||
| CVE-2019-17327 | 1 Tmaxsoft | 1 Jeus | 2019-11-13 | 6.5 MEDIUM | 7.2 HIGH |
| JEUS 7 Fix#0~5 and JEUS 8Fix#0~1 versions contains a directory traversal vulnerability caused by improper input parameter check when uploading installation file in administration web page. That leads remote attacker to execute arbitrary code via uploaded file. | |||||
| CVE-2011-4625 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. | |||||
| CVE-2013-1889 | 1 Mod Ruid2 Project | 1 Mod Ruid2 | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| mod_ruid2 before 0.9.8 improperly handles file descriptors which allows remote attackers to bypass security using a CGI script to break out of the chroot. | |||||
| CVE-2008-3278 | 1 Redhat | 2 Enterprise Linux, Frysk | 2019-11-13 | 4.6 MEDIUM | 7.8 HIGH |
| frysk packages through 2008-08-05 as shipped in Red Hat Enterprise Linux 5 are built with an insecure RPATH set in the ELF header of multiple binaries in /usr/bin/f* (e.g. fcore, fcatch, fstack, fstep, ...) shipped in the package. A local attacker can exploit this vulnerability by running arbitrary code as another user. | |||||
| CVE-2010-2450 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default 22) instead of chmoding the resulting file itself, so the generated private key is world readable by default. | |||||
| CVE-2016-10595 | 1 Jdf-sass Project | 1 Jdf-sass | 2019-11-13 | 9.3 HIGH | 8.1 HIGH |
| jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker controlled file if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2013-1771 | 1 Monkey-project | 1 Monkey | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| The web server Monkeyd produces a world-readable log (/var/log/monkeyd/master.log) on gentoo. | |||||
| CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2019-11-13 | 6.8 MEDIUM | 8.8 HIGH |
| Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book | |||||
| CVE-2013-1809 | 2 Debian, Gambas Project | 2 Debian Linux, Gambas | 2019-11-13 | 6.4 MEDIUM | 7.5 HIGH |
| Gambas before 3.4.0 allows remote attackers to move or manipulate directory contents or perform symlink attacks due to the creation of insecure temporary directories. | |||||
| CVE-2018-9538 | 1 Google | 1 Android | 2019-11-13 | 7.2 HIGH | 7.8 HIGH |
| In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-112181526. | |||||
| CVE-2018-9547 | 1 Google | 1 Android | 2019-11-13 | 7.2 HIGH | 7.8 HIGH |
| In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584. | |||||
| CVE-2018-9549 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112160868. | |||||
| CVE-2018-9550 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112660981. | |||||
| CVE-2018-9551 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891548. | |||||
| CVE-2018-9553 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116615297. | |||||
| CVE-2018-9555 | 1 Google | 1 Android | 2019-11-13 | 8.3 HIGH | 8.8 HIGH |
| In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112321180. | |||||
| CVE-2018-9558 | 1 Google | 1 Android | 2019-11-13 | 7.2 HIGH | 7.8 HIGH |
| In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC kernel with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112161557. | |||||
| CVE-2018-9560 | 1 Google | 1 Android | 2019-11-13 | 4.6 MEDIUM | 7.8 HIGH |
| In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-79946737. | |||||
| CVE-2018-9562 | 1 Google | 1 Android | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113164621. | |||||
| CVE-2018-9569 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 8.8 HIGH |
| In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113885537. | |||||
| CVE-2018-9570 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-115375616. | |||||
| CVE-2018-9571 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 8.8 HIGH |
| In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116020594. | |||||
| CVE-2018-9572 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 8.8 HIGH |
| In impd_drc_parse_coeff of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116224432. | |||||
| CVE-2018-9573 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116467350. | |||||
| CVE-2018-9574 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619337. | |||||
| CVE-2018-9575 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116619387. | |||||
| CVE-2018-9576 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245. | |||||
| CVE-2018-9577 | 1 Google | 1 Android | 2019-11-13 | 9.3 HIGH | 7.8 HIGH |
| In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937. | |||||
| CVE-2019-17210 | 1 Arm | 2 Mbed-mqtt, Mbed-os | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstring->lenstring.data default to zero. Later, curn is accessed, which points to mqttstring->lenstring.data. On an Arm Cortex-M chip, the value at address 0x0 is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on. | |||||
| CVE-2019-15004 | 1 Atlassian | 1 Jira Service Desk | 2019-11-13 | 4.3 MEDIUM | 7.5 HIGH |
| The Customer Context Filter in Atlassian Jira Service Desk Server and Jira Service Desk Data Center before 3.9.17, from 3.10.0 before 3.16.10, from 4.0.0 before 4.2.6, from 4.3.0 before 4.3.5, from 4.4.0 before 4.4.3, and from 4.5.0 before 4.5.1 allows remote attackers with portal access to view arbitrary issues in Jira Service Desk projects via a path traversal vulnerability. Note that when the 'Anyone can email the service desk or raise a request in the portal' setting is enabled, an attacker can grant themselves portal access, allowing them to exploit the vulnerability. | |||||
| CVE-2009-5045 | 2 Debian, Eclipse | 2 Debian Linux, Jetty | 2019-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| Dump Servlet information leak in jetty before 6.1.22. | |||||
| CVE-2019-7262 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2019-11-12 | 6.8 MEDIUM | 8.8 HIGH |
| Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF). | |||||
| CVE-2019-7273 | 1 Optergy | 2 Enterprise, Proton | 2019-11-12 | 6.8 MEDIUM | 8.8 HIGH |
| Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF). | |||||
| CVE-2019-17237 | 1 Getigniteup | 1 Igniteup | 2019-11-12 | 6.8 MEDIUM | 8.8 HIGH |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows CSRF. | |||||
| CVE-2019-18840 | 1 Wolfssl | 1 Wolfssl | 2019-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| In wolfSSL 4.1.0 through 4.2.0c, there are missing sanity checks of memory accesses in parsing ASN.1 certificate data while handshaking. Specifically, there is a one-byte heap-based buffer overflow inside the DecodedCert structure in GetName in wolfcrypt/src/asn.c because the domain name location index is mishandled. Because a pointer is overwritten, there is an invalid free. | |||||
| CVE-2019-18836 | 2 Envoyproxy, Istio | 2 Envoy, Istio | 2019-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy 1.12.0 allows a remote denial of service because of resource loops, as demonstrated by a single idle TCP connection being able to keep a worker thread in an infinite busy loop when continue_on_listener_filters_timeout is used." | |||||
| CVE-2018-11761 | 2 Apache, Oracle | 2 Tika, Business Process Management Suite | 2019-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack. | |||||
| CVE-2018-1308 | 2 Apache, Debian | 2 Solr, Debian Linux | 2019-11-12 | 5.0 MEDIUM | 7.5 HIGH |
| This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network. | |||||
| CVE-2016-10688 | 1 Haxe | 1 Haxe | 2019-11-12 | 9.3 HIGH | 8.1 HIGH |
| Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server. | |||||
| CVE-2019-10852 | 1 Computrols | 1 Computrols Building Automation Software | 2019-11-12 | 6.5 MEDIUM | 8.8 HIGH |
| Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring. | |||||