Total
9738 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0092 | 1 Intel | 1 Active Management Technology Firmware | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | |||||
| CVE-2018-20857 | 1 Zendesk | 1 Samlr | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Zendesk Samlr before 2.6.2 allows an XML nodes comment attack such as a name_id node with user@example.com followed by <!---->. and then the attacker's domain name. | |||||
| CVE-2016-10787 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| The Host Access Control feature in cPanel before 60.0.25 mishandles actionless host.deny entries (SEC-187). | |||||
| CVE-2018-4462 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14.2. | |||||
| CVE-2019-1846 | 1 Cisco | 11 Asr 9000v, Asr 9001, Asr 9006 and 8 more | 2024-02-28 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the Multiprotocol Label Switching (MPLS) Operations, Administration, and Maintenance (OAM) implementation of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to the incorrect handling of certain MPLS OAM packets. An attacker could exploit this vulnerability by sending malicious MPLS OAM packets to an affected device. A successful exploit could allow the attacker to cause the lspv_server process to crash. The crash could lead to system instability and the inability to process or forward traffic though the device, resulting in a DoS condition that require manual intervention to restore normal operating conditions. | |||||
| CVE-2016-10842 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 11.54.0.4 allows certain file-read operations in bin/setup_global_spam_filter.pl (SEC-74). | |||||
| CVE-2019-1302 | 1 Microsoft | 1 Asp.net Core | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists when a ASP.NET Core web application, created using vulnerable project templates, fails to properly sanitize web requests, aka 'ASP.NET Core Elevation Of Privilege Vulnerability'. | |||||
| CVE-2018-1640 | 1 Ibm | 1 Security Privileged Identity Manager | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 144580. | |||||
| CVE-2018-4313 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5. | |||||
| CVE-2018-18558 | 1 Espressif | 1 Esp-idf | 2024-02-28 | 6.9 MEDIUM | 6.4 MEDIUM |
| An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that overwrites a bootloader code segment in process_segment in components/bootloader_support/src/esp_image_format.c. The attack is effective when the flash encryption feature is not enabled, or if the attacker finds a different vulnerability that allows them to write this binary to flash memory. | |||||
| CVE-2018-4362 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 11.1.2, iOS 12. | |||||
| CVE-2019-1816 | 1 Cisco | 1 Web Security Appliance | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the log subscription subsystem of the Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to perform command injection and elevate privileges to root. The vulnerability is due to insufficient validation of user-supplied input on the web and command-line interface. An attacker could exploit this vulnerability by authenticating to the affected device and injecting scripting commands in the scope of the log subscription subsystem. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. | |||||
| CVE-2019-1805 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-02-28 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input- and validation-checking mechanisms for inbound SSH connections on an affected device. An attacker could exploit this vulnerability by attempting to establish an SSH connection to an affected controller. An exploit could allow the attacker to access an affected device's CLI to potentially cause further attacks. This vulnerability has been fixed in version 8.5(140.0). | |||||
| CVE-2019-9799 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient bounds checking of data during inter-process communication might allow a compromised content process to be able to read memory from the parent process under certain conditions. This vulnerability affects Firefox < 66. | |||||
| CVE-2019-1766 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 12.5(1)SR1. | |||||
| CVE-2019-14243 | 1 Haproxy | 1 Proxyprotocol | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with truncated source/destination address data. | |||||
| CVE-2017-6261 | 1 Nvidia | 1 Vibrante Linux | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Vibrante Linux version 1.1, 2.0, and 2.2 contains a vulnerability in the user space driver in which protection mechanisms are insufficient, may lead to denial of service or information disclosure. | |||||
| CVE-2018-6138 | 1 Google | 1 Chrome | 2024-02-28 | 5.8 MEDIUM | 8.1 HIGH |
| Insufficient policy enforcement in Extensions API in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2017-18545 | 1 Invite Anyone Project | 1 Invite Anyone | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input. | |||||