Total
9737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20669 | 3 Canonical, Linux, Netapp | 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation. | |||||
| CVE-2019-1952 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to overwrite or read arbitrary files. The attacker would need valid administrator privilege-level credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using directory traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to overwrite or read arbitrary files on an affected device. | |||||
| CVE-2019-5976 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| Cybozu Garoon 4.0.0 to 4.10.2 allows an attacker with administrative rights to cause a denial of service condition via unspecified vectors. | |||||
| CVE-2019-5800 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2018-4321 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12. | |||||
| CVE-2018-4348 | 1 Apple | 1 Mac Os X | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A validation issue was addressed with improved logic. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2019-0957 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0958. | |||||
| CVE-2018-15729 | 1 Stopzilla | 1 Antimalware | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204B. | |||||
| CVE-2019-1296 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295. | |||||
| CVE-2019-9441 | 1 Google | 1 Android | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2019-0973 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1749 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the ingress traffic validation of Cisco IOS XE Software for Cisco Aggregation Services Router (ASR) 900 Route Switch Processor 3 (RSP3) could allow an unauthenticated, adjacent attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability exists because the software insufficiently validates ingress traffic on the ASIC used on the RSP3 platform. An attacker could exploit this vulnerability by sending a malformed OSPF version 2 (OSPFv2) message to an affected device. A successful exploit could allow the attacker to cause a reload of the iosd process, triggering a reload of the affected device and resulting in a DoS condition. | |||||
| CVE-2019-11714 | 1 Mozilla | 1 Firefox | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68. | |||||
| CVE-2018-20162 | 1 Digi | 2 Transport Lr54, Transport Lr54 Firmware | 2024-02-28 | 9.0 HIGH | 9.9 CRITICAL |
| Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary commands as root. | |||||
| CVE-2018-20378 | 1 Opensynergy | 1 Blue Sdk | 2024-02-28 | 5.4 MEDIUM | 7.5 HIGH |
| The L2CAP signaling channel implementation and SDP server implementation in OpenSynergy Blue SDK 3.2 through 6.0 allow remote, unauthenticated attackers to execute arbitrary code or cause a denial of service via malicious L2CAP configuration requests, in conjunction with crafted SDP communication over maliciously configured L2CAP channels. The attacker must have connectivity over the Bluetooth physical layer, and must be able to send raw L2CAP frames. This is related to L2Cap_HandleConfigReq in core/stack/l2cap/l2cap_sm.c and SdpServHandleServiceSearchAttribReq in core/stack/sdp/sdpserv.c. | |||||
| CVE-2019-16412 | 1 Tendacn | 2 N301, N301 Firmware | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.) | |||||
| CVE-2017-18466 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228). | |||||
| CVE-2019-1817 | 1 Cisco | 1 Web Security Appliance | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliance could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of HTTP and HTTPS requests. An attacker could exploit this vulnerability by sending a malformed HTTP or HTTPS request to an affected device. An exploit could allow the attacker to cause a restart of the web proxy process, resulting in a temporary DoS condition. | |||||
| CVE-2018-4417 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2019-10054 | 1 Suricata-ids | 1 Suricata | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file. | |||||