Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4271 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 3.5 LOW | 3.5 LOW |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Admin console is vulnerable to a Client-side HTTP parameter pollution vulnerability. IBM X-Force ID: 160243. | |||||
CVE-2018-20895 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
In cPanel before 71.9980.37, API tokens retain ACLs after those ACLs are removed from the corresponding accounts (SEC-393). | |||||
CVE-2019-1945 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these vulnerabilities, see the Details section of this security advisory. | |||||
CVE-2018-16558 | 1 Siemens | 2 Simatic S7-1500, Simatic S7-1500 Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-10937 | 1 Siemens | 2 Simatic Tdc Cp51m1, Simatic Tdc Cp51m1 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SIMATIC TDC CP51M1 (All versions < V1.1.7). An attacker with network access to the device could cause a Denial-of-Service condition by sending a specially crafted UDP packet. The vulnerability affects the UDP communication of the device. The security vulnerability could be exploited without authentication. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
CVE-2019-1921 | 1 Cisco | 1 Email Security Appliance | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker could exploit this vulnerability by naming a malicious attachment with a specific pattern. A successful exploit could allow the attacker to bypass configured content filters that would normally block the attachment. | |||||
CVE-2019-1712 | 1 Cisco | 1 Ios Xr | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of crafted AutoRP packets. An attacker could exploit this vulnerability by sending crafted packets to port UDP 496 on a reachable IP address on the device. A successful exploit could allow the attacker to cause the PIM process to restart. Software versions prior to 6.2.3, 6.3.2, 6.4.0, and 6.5.1 are affected. | |||||
CVE-2019-0786 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An elevation of privilege vulnerability exists in the Microsoft Server Message Block (SMB) Server when an attacker with valid credentials attempts to open a specially crafted file over the SMB protocol on the same machine, aka 'SMB Server Elevation of Privilege Vulnerability'. | |||||
CVE-2015-7559 | 2 Apache, Redhat | 3 Activemq, Jboss A-mq, Jboss Fuse | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. | |||||
CVE-2018-20891 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
cPanel before 74.0.0 allows arbitrary file-read operations during File Restoration (SEC-436). | |||||
CVE-2017-9376 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-02-28 | 5.0 MEDIUM | 6.5 MEDIUM |
ManageEngine ServiceDesk Plus before 9314 contains a local file inclusion vulnerability in the defModule parameter in DefaultConfigDef.do and AssetDefaultConfigDef.do. | |||||
CVE-2018-4369 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A logic issue was addressed with improved state management. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1. | |||||
CVE-2016-10807 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
cPanel before 57.9999.54 allows certain denial-of-service outcomes via /scripts/killpvhost (SEC-112). | |||||
CVE-2019-2389 | 1 Mongodb | 1 Mongodb | 2024-02-28 | 1.9 LOW | 4.2 MEDIUM |
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allow users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue affects MongoDB Server v4.0 versions prior to 4.0.11; MongoDB Server v3.6 versions prior to 3.6.14; MongoDB Server v3.4 versions prior to 3.4.22. | |||||
CVE-2018-20852 | 1 Python | 1 Python | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3. | |||||
CVE-2018-14994 | 1 Essential | 2 Phone, Phone Firmware | 2024-02-28 | 9.4 HIGH | 7.5 HIGH |
The Essential Phone Android device with a build fingerprint of essential/mata/mata:8.1.0/OPM1.180104.166/297:user/release-keys contains a pre-installed platform app with a package name of com.ts.android.hiddenmenu (versionName=1.0, platformBuildVersionName=8.1.0) that contains an exported activity app component named com.ts.android.hiddenmenu.rtn.RTNResetActivity that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app. | |||||
CVE-2019-12588 | 1 Espressif | 2 Arduino Esp8266, Esp8266 Nonos Sdk | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio range to cause a denial of service (crash) via a crafted message. | |||||
CVE-2019-11071 | 2 Debian, Spip | 2 Debian Linux, Spip | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled. | |||||
CVE-2019-0657 | 1 Microsoft | 12 .net Core, .net Framework, Powershell Core and 9 more | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. | |||||
CVE-2019-7843 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. |