Search
Total
233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0981 | 1 Microsoft | 10 .net Core, .net Framework, Windows 10 and 7 more | 2019-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. | |||||
| CVE-2019-0982 | 1 Microsoft | 1 Asp.net Core | 2019-05-20 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | |||||
| CVE-2019-0945 | 1 Microsoft | 2 Office, Office 365 | 2019-05-17 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0946, CVE-2019-0947. | |||||
| CVE-2019-0946 | 1 Microsoft | 2 Office, Office 365 Proplus | 2019-05-17 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0947. | |||||
| CVE-2019-0947 | 1 Microsoft | 1 Office | 2019-05-17 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0946. | |||||
| CVE-2016-3306 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-05-15 | 4.6 MEDIUM | 7.8 HIGH |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3305. | |||||
| CVE-2016-3305 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-05-15 | 4.6 MEDIUM | 7.8 HIGH |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3306. | |||||
| CVE-2015-2432 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2019-05-15 | 9.3 HIGH | N/A |
| ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | |||||
| CVE-2015-0060 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-14 | 4.7 MEDIUM | N/A |
| The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability." | |||||
| CVE-2015-0081 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-14 | 9.3 HIGH | N/A |
| Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability." | |||||
| CVE-2019-11070 | 2 Webkitgtk, Wpewebkit | 2 Webkitgtk, Wpe Webkit | 2019-05-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. | |||||
| CVE-2016-7292 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-05-08 | 7.2 HIGH | 7.8 HIGH |
| The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Installer Elevation of Privilege Vulnerability." | |||||
| CVE-2015-4025 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 7.5 HIGH | N/A |
| PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | |||||
| CVE-2015-4026 | 3 Apple, Php, Redhat | 9 Mac Os X, Php, Enterprise Linux and 6 more | 2019-04-22 | 7.5 HIGH | N/A |
| The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | |||||
| CVE-2014-0227 | 1 Apache | 1 Tomcat | 2019-04-15 | 6.4 MEDIUM | N/A |
| java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. | |||||
| CVE-2019-0801 | 1 Microsoft | 2 Office, Office 365 Proplus | 2019-04-15 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'. | |||||
| CVE-2006-7254 | 1 Gnu | 1 Glibc | 2019-04-11 | 2.1 LOW | 5.5 MEDIUM |
| The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | |||||
| CVE-2019-0815 | 1 Microsoft | 1 Asp.net Core | 2019-04-10 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | |||||
| CVE-2018-4329 | 1 Apple | 2 Iphone Os, Safari | 2019-04-08 | 5.0 MEDIUM | 7.5 HIGH |
| Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12. | |||||
| CVE-2019-10477 | 2 Fusioninventory, Glpi-project | 2 Fusioninventory, Glpi | 2019-04-01 | 5.0 MEDIUM | 7.5 HIGH |
| The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. | |||||
| CVE-2019-9870 | 1 Oembed Project | 1 Oembed | 2019-03-26 | 7.5 HIGH | 9.8 CRITICAL |
| plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. | |||||
| CVE-2019-9573 | 1 Mishubd | 1 Wp Human Resource Management | 2019-03-21 | 5.0 MEDIUM | 7.5 HIGH |
| The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications. | |||||
| CVE-2014-4492 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 7.5 HIGH | N/A |
| libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type. | |||||
| CVE-2014-4488 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 10.0 HIGH | N/A |
| IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2014-4484 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2019-03-08 | 7.5 HIGH | N/A |
| FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .dfont file. | |||||
| CVE-2015-1062 | 1 Apple | 2 Iphone Os, Tvos | 2019-03-08 | 5.0 MEDIUM | N/A |
| MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a crafted app. | |||||
| CVE-2015-7054 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-08 | 6.8 MEDIUM | N/A |
| zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remote attackers to execute arbitrary code via a crafted web site. | |||||
| CVE-2019-0630 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-03-07 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633. | |||||
| CVE-2019-0633 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-03-07 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630. | |||||
| CVE-2019-9563 | 1 Bluemind | 1 Bluemind | 2019-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandles temporary uploads. | |||||
| CVE-2018-6091 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Service Workers can intercept any request made by an <embed> or <object> tag in Fetch API in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2018-6100 | 4 Apple, Debian, Google and 1 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2019-01-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2018-6106 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-30 | 6.8 MEDIUM | 8.8 HIGH |
| An asynchronous generator may return an incorrect state in V8 in Google Chrome prior to 66.0.3359.117 allowing a remote attacker to potentially exploit object corruption via a crafted HTML page. | |||||
| CVE-2018-6133 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2019-01-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2019-6440 | 1 Zemana | 1 Antimalware | 2019-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| Zemana AntiMalware before 3.0.658 Beta mishandles update logic. | |||||
| CVE-2018-5915 | 1 Qualcomm | 42 Mdm9607, Mdm9607 Firmware, Mdm9640 and 39 more | 2019-01-24 | 10.0 HIGH | 9.8 CRITICAL |
| Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130 | |||||
| CVE-2019-0548 | 1 Microsoft | 1 Asp.net Core | 2019-01-15 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564. | |||||
| CVE-2019-0564 | 1 Microsoft | 1 Asp.net Core | 2019-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. | |||||
| CVE-2015-0560 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2018-10-30 | 5.0 MEDIUM | N/A |
| The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2015-3225 | 3 Debian, Opensuse, Rack Project | 3 Debian Linux, Opensuse, Rack | 2018-10-30 | 5.0 MEDIUM | N/A |
| lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. | |||||
| CVE-2016-5153 | 2 Google, Opensuse | 2 Chrome, Leap | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, improperly relies on list iteration, which allows remote attackers to cause a denial of service (use-after-destruction) or possibly have unspecified other impact via a crafted web site. | |||||
| CVE-2015-7575 | 3 Canonical, Mozilla, Opensuse | 6 Ubuntu Linux, Firefox, Firefox Esr and 3 more | 2018-10-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. | |||||
| CVE-2015-2190 | 3 Opensuse, Oracle, Wireshark | 3 Opensuse, Solaris, Wireshark | 2018-10-30 | 5.0 MEDIUM | N/A |
| epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. | |||||
| CVE-2016-3630 | 5 Debian, Fedoraproject, Mercurial and 2 more | 7 Debian Linux, Fedora, Mercurial and 4 more | 2018-10-30 | 6.8 MEDIUM | 8.8 HIGH |
| The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a (1) clone, (2) push, or (3) pull command, related to (a) a list sizing rounding error and (b) short records. | |||||
| CVE-2014-9221 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2018-10-30 | 5.0 MEDIUM | N/A |
| strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. | |||||
| CVE-2015-7744 | 2 Opensuse, Wolfssl | 3 Leap, Opensuse, Wolfssl | 2018-10-30 | 2.6 LOW | 5.9 MEDIUM |
| wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. | |||||
| CVE-2015-1760 | 1 Microsoft | 2 Office, Office Compatibility Pack | 2018-10-30 | 9.3 HIGH | N/A |
| Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2016-7275 | 1 Microsoft | 1 Office | 2018-10-30 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." | |||||
| CVE-2015-1270 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Opensuse and 5 more | 2018-10-30 | 6.8 MEDIUM | N/A |
| The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2016-1947 | 3 Canonical, Mozilla, Opensuse | 4 Ubuntu Linux, Firefox, Leap and 1 more | 2018-10-30 | 4.3 MEDIUM | 4.7 MEDIUM |
| Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data. | |||||