Search
Total
2136 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3552 | 1 Redhat | 1 Enterprise Virtualization Manager | 2019-11-12 | 2.9 LOW | 3.1 LOW |
| In RHEV-M VDC 2.2.0, it was found that the SSL certificate was not verified when using the client-side Red Hat Enterprise Virtualization Manager interface (a Windows Presentation Foundation (WPF) XAML browser application) to connect to the Red Hat Enterprise Virtualization Manager. An attacker on the local network could use this flaw to conduct a man-in-the-middle attack, tricking the user into thinking they are viewing the Red Hat Enterprise Virtualization Manager when the content is actually attacker-controlled, or modifying actions a user requested Red Hat Enterprise Virtualization Manager to perform. | |||||
| CVE-2009-3614 | 2 Debian, Noping | 2 Debian Linux, Liboping | 2019-11-12 | 2.1 LOW | 3.3 LOW |
| liboping 1.3.2 allows users reading arbitrary files upon the local system. | |||||
| CVE-2019-2911 | 1 Oracle | 1 Mysql | 2019-11-11 | 4.0 MEDIUM | 2.7 LOW |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.6.45 and prior, 5.7.27 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | |||||
| CVE-2019-6121 | 1 Nicehash | 1 Miner | 2019-11-08 | 4.3 MEDIUM | 3.7 LOW |
| An issue was discovered in NiceHash Miner before 2.0.3.0. Missing Authorization allows an adversary to can gain access to a miner's information about such as his recent payments, unclaimed Balance, Old Balance (at the time of December 2017 breach) , Projected payout, Mining stats like profitability, Efficiency, Number of workers, etc.. A valid Email address is required in order to retrieve this Information. | |||||
| CVE-2016-4983 | 3 Dovecot, Opensuse, Redhat | 4 Dovecot, Leap, Opensuse and 1 more | 2019-11-08 | 2.1 LOW | 3.3 LOW |
| A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | |||||
| CVE-2013-1945 | 1 Ruby-lang | 1 Ruby193 | 2019-11-06 | 2.1 LOW | 3.3 LOW |
| ruby193 uses an insecure LD_LIBRARY_PATH setting. | |||||
| CVE-2018-1000002 | 1 Nic | 1 Knot Resolver | 2019-11-06 | 4.3 MEDIUM | 3.7 LOW |
| Improper input validation bugs in DNSSEC validators components in Knot Resolver (prior version 1.5.2) allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay. | |||||
| CVE-2019-17054 | 1 Linux | 1 Linux Kernel | 2019-10-25 | 2.1 LOW | 3.3 LOW |
| atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c. | |||||
| CVE-2019-17053 | 1 Linux | 1 Linux Kernel | 2019-10-25 | 2.1 LOW | 3.3 LOW |
| ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7. | |||||
| CVE-2019-17056 | 1 Linux | 1 Linux Kernel | 2019-10-25 | 2.1 LOW | 3.3 LOW |
| llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176. | |||||
| CVE-2017-8087 | 1 Avm | 2 Fritz\!box 7490, Fritz\!os | 2019-10-24 | 2.1 LOW | 2.4 LOW |
| Information Leakage in PPPoE Packet Padding in AVM Fritz!Box 7490 with Firmware versions Fritz!OS 6.80 and 6.83 allows physically proximate attackers to view slices of previously transmitted packets or portions of memory via via unspecified vectors. | |||||
| CVE-2019-3008 | 1 Oracle | 1 Solaris | 2019-10-21 | 1.2 LOW | 1.8 LOW |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 1.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L). | |||||
| CVE-2019-2961 | 1 Oracle | 1 Solaris | 2019-10-21 | 3.3 LOW | 3.6 LOW |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF services & legacy daemons). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 3.6 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L). | |||||
| CVE-2019-2954 | 1 Oracle | 1 Database Server | 2019-10-21 | 3.3 LOW | 3.9 LOW |
| Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). | |||||
| CVE-2019-2955 | 1 Oracle | 1 Database Server | 2019-10-21 | 3.3 LOW | 3.9 LOW |
| Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L). | |||||
| CVE-2019-10450 | 1 Jenkins | 1 Elasticbox Ci | 2019-10-18 | 2.1 LOW | 3.3 LOW |
| Jenkins ElasticBox CI Plugin stores credentials unencrypted in the global config.xml configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2019-2872 | 1 Oracle | 1 Retail Xstore Point Of Service | 2019-10-17 | 2.6 LOW | 2.7 LOW |
| Vulnerability in the Oracle Retail Xstore Point of Service product of Oracle Retail Applications (component: Point of Sale). Supported versions that are affected are 17.0.3, 18.0.1 and 19.0.0. Difficult to exploit vulnerability allows physical access to compromise Oracle Retail Xstore Point of Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Xstore Point of Service accessible data as well as unauthorized read access to a subset of Oracle Retail Xstore Point of Service accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N). | |||||
| CVE-2019-17263 | 1 Libfwsi Project | 1 Libfwsi | 2019-10-14 | 2.1 LOW | 3.3 LOW |
| ** DISPUTED ** In libyal libfwsi before 20191006, libfwsi_extension_block_copy_from_byte_stream in libfwsi_extension_block.c has a heap-based buffer over-read because rejection of an unsupported size only considers values less than 6, even though values of 6 and 7 are also unsupported. NOTE: the vendor has disputed this as described in the GitHub issue. | |||||
| CVE-2019-17401 | 1 Liblnk Project | 1 Liblnk | 2019-10-11 | 2.1 LOW | 3.3 LOW |
| ** DISPUTED ** libyal liblnk 20191006 has a heap-based buffer over-read in the network_share_name_offset>20 code block of liblnk_location_information_read_data in liblnk_location_information.c, a different issue than CVE-2019-17264. NOTE: the vendor has disputed this as described in the GitHub issue. | |||||
| CVE-2019-4271 | 1 Ibm | 1 Websphere Application Server | 2019-10-09 | 3.5 LOW | 3.5 LOW |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. | |||||
| CVE-2019-4150 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Access Manager 9.0.1 through 9.0.6 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 158510. | |||||
| CVE-2019-4236 | 2 Hp, Ibm | 2 Hp-ux, Spectrum Protect | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418. | |||||
| CVE-2019-13512 | 1 Fujielectric | 1 Frenic Loader | 2019-10-09 | 4.3 MEDIUM | 3.3 LOW |
| Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device. | |||||
| CVE-2019-10994 | 1 Laquisscada | 1 Scada | 2019-10-09 | 4.3 MEDIUM | 3.3 LOW |
| Processing a specially crafted project file in LAquis SCADA 4.3.1.71 may trigger an out-of-bounds read, which may allow an attacker to obtain sensitive information. The attacker must have local access to the system. A CVSS v3 base score of 2.5 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | |||||
| CVE-2019-10343 | 1 Jenkins | 1 Configuration As Code | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| Jenkins Configuration as Code Plugin 1.24 and earlier did not properly apply masking to values expected to be hidden when logging the configuration being applied. | |||||
| CVE-2019-10183 | 1 Redhat | 2 Enterprise Linux, Virt-manager | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| Virt-install(1) utility used to provision new virtual machines has introduced an option '--unattended' to create VMs without user interaction. This option accepts guest VM password as command line arguments, thus leaking them to others users on the system via process listing. It was introduced recently in the virt-manager v2.2.0 release. | |||||
| CVE-2019-10426 | 1 Jenkins | 1 Gem Publisher | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| Jenkins Gem Publisher Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system. | |||||
| CVE-2018-8864 | 1 Atisystem | 8 Alert4000, Alert4000 Firmware, Hpss16 and 5 more | 2019-10-09 | 2.9 LOW | 3.1 LOW |
| In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. | |||||
| CVE-2018-8862 | 1 Atisystem | 8 Alert4000, Alert4000 Firmware, Hpss16 and 5 more | 2019-10-09 | 2.9 LOW | 3.1 LOW |
| In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, an improper authentication vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger false alarms. | |||||
| CVE-2018-6559 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| The Linux kernel, as used in Ubuntu 18.04 LTS and Ubuntu 18.10, allows local users to obtain names of files in which they would not normally be able to access via an overlayfs mount inside of a user namespace. | |||||
| CVE-2018-5552 | 1 Docutracinc | 1 Dtisqlinstaller | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper". | |||||
| CVE-2018-3759 | 1 Private Address Check Project | 1 Private Address Check | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| private_address_check ruby gem before 0.5.0 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition due to the address the socket uses not being checked. DNS entries with a TTL of 0 can trigger this case where the initial resolution is a public address but the subsequent resolution is a private address. | |||||
| CVE-2018-1991 | 1 Ibm | 1 Api Connect | 2019-10-09 | 4.0 MEDIUM | 2.7 LOW |
| IBM API Connect 5.0.0.0, and 5.0.8.6 could could return sensitive information that could provide critical information as to the underlying software stack in CMC UI headers. IBM X-Force ID: 154284. | |||||
| CVE-2018-1842 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2019-10-09 | 3.3 LOW | 3.6 LOW |
| IBM Cognos Analytics 11 Configuration tool, under certain circumstances, will bypass OIDC namespace signature verification on its id_token. IBM X-Force ID: 150902. | |||||
| CVE-2018-1962 | 1 Ibm | 1 Security Identity Manager | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access to login into a closed browser session. IBM X-Force ID: 153658. | |||||
| CVE-2018-1993 | 1 Ibm | 1 Spectrum Scale | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM Spectrum Scale (GPFS) 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 where the use of Local Read Only Cache (LROC) is enabled may caused read operation on a file to return data from a different file. IBM X-Force ID: 154440. | |||||
| CVE-2018-2005 | 1 Ibm | 1 Bigfix Platform | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM BigFix Platform 9.2 and 9.5 stores potentially sensitive information in process memory that could be read by a local attacker with elevated permissions. IBM X-Force ID: 155007 | |||||
| CVE-2018-1804 | 1 Ibm | 1 Security Access Manager | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 does not set the secure attribute on authorization tokens or session cookies. This could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 149703. | |||||
| CVE-2018-1505 | 1 Ibm | 1 I2 Enterprise Insight Analysis | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM i2 Enterprise Insight Analysis 2.1.7 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 141413. | |||||
| CVE-2018-1623 | 1 Ibm | 1 Security Privileged Identity Manager | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 144408. | |||||
| CVE-2018-1484 | 1 Ibm | 1 Bigfix Platform | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| IBM BigFix Platform 9.2.0 through 9.2.14 and 9.5 through 9.5.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 140969. | |||||
| CVE-2018-1568 | 1 Ibm | 1 Qradar Incident Forensics | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118. | |||||
| CVE-2018-1369 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 137767. | |||||
| CVE-2018-19004 | 1 Lcds | 1 Laquis Scada | 2019-10-09 | 4.3 MEDIUM | 3.3 LOW |
| LCDS Laquis SCADA prior to version 4.1.0.4150 allows out of bounds read when opening a specially crafted project file, which may allow data exfiltration. | |||||
| CVE-2018-17891 | 2 Carestream, Microsoft | 2 Carestream Vue Ris, Windows 8.1 | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a more elaborate attack. | |||||
| CVE-2018-17907 | 1 Omron | 1 Cx-supervisor | 2019-10-09 | 4.3 MEDIUM | 3.3 LOW |
| When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior and tampering with the value of an offset, an attacker can force the application to read a value outside of an array. | |||||
| CVE-2018-17502 | 1 Thereceptionist | 1 The Receptionist For Ipad | 2019-10-09 | 2.1 LOW | 3.3 LOW |
| The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails. | |||||
| CVE-2018-16463 | 1 Nextcloud | 1 Nextcloud Server | 2019-10-09 | 3.6 LOW | 3.1 LOW |
| A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares. | |||||
| CVE-2018-14799 | 1 Philips | 10 Pagewriter Tc10, Pagewriter Tc10 Firmware, Pagewriter Tc20 and 7 more | 2019-10-09 | 4.6 MEDIUM | 3.7 LOW |
| In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities. | |||||
| CVE-2018-15466 | 1 Cisco | 1 Policy Suite For Mobile | 2019-10-09 | 4.3 MEDIUM | 3.7 LOW |
| A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web interface. The attacker would need to have access to the internal VLAN where CPS is deployed. The vulnerability is due to lack of authentication. An attacker could exploit this vulnerability by directly connecting to the Graphite web interface. An exploit could allow the attacker to access various statistics and Key Performance Indicators (KPIs) regarding the Cisco Policy Suite environment. | |||||