Total
9736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6690 | 5 Canonical, Debian, Opensuse and 2 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. | |||||
| CVE-2019-1841 | 1 Cisco | 1 Dna Center | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending arbitrary HTTP requests to internal services. An exploit could allow the attacker to bypass any firewall or other protections to access unauthorized internal services. DNAC versions prior to 1.2.5 are affected. | |||||
| CVE-2019-0271 | 1 Sap | 3 Advanced Business Application Programming Platform, Advanced Business Application Programming Server, Sap Kernel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below. | |||||
| CVE-2018-4342 | 1 Apple | 1 Mac Os X | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1. | |||||
| CVE-2009-5158 | 1 Sumo | 1 Google Analyticator | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text. | |||||
| CVE-2018-12216 | 1 Intel | 1 Graphics Driver | 2024-02-28 | 7.2 HIGH | 8.2 HIGH |
| Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access via local access. | |||||
| CVE-2019-12831 | 1 Mybb | 1 Mybb | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
| In MyBB before 1.8.21, an attacker can abuse a default behavior of MySQL on many systems (that leads to truncation of strings that are too long for a database column) to create a PHP shell in the cache directory of a targeted forum via a crafted XML import, as demonstrated by truncation of aaaaaaaaaaaaaaaaaaaaaaaaaa.php.css to aaaaaaaaaaaaaaaaaaaaaaaaaa.php with a 30-character limit, aka theme import stylesheet name RCE. | |||||
| CVE-2016-10808 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| In cPanel before 57.9999.54, /scripts/addpop and /scripts/delpop exposed TTYs (SEC-113). | |||||
| CVE-2019-3957 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. | |||||
| CVE-2017-7189 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input. | |||||
| CVE-2018-4406 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2018-12187 | 1 Intel | 1 Active Management Technology Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access. | |||||
| CVE-2019-0701 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-28 | 5.5 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0690, CVE-2019-0695. | |||||
| CVE-2017-18405 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| cPanel before 68.0.15 allows arbitrary file-read operations because of the backup .htaccess modification logic (SEC-345). | |||||
| CVE-2017-18475 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| In cPanel before 62.0.4, Exim piped filters ran in the context of an incorrect user account when delivering to a system user (SEC-204). | |||||
| CVE-2019-13127 | 2 Draw, Jgraph | 2 Draw.io Diagrams, Mxgraph | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in mxGraph through 4.0.0, related to the "draw.io Diagrams" plugin before 8.3.14 for Confluence and other products. Improper input validation/sanitization of a color field leads to XSS. This is associated with javascript/examples/grapheditor/www/js/Dialogs.js. | |||||
| CVE-2019-13449 | 1 Zoom | 1 Zoom | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421. | |||||
| CVE-2019-11228 | 1 Gitea | 1 Gitea | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. | |||||
| CVE-2017-12795 | 1 Openmrs | 1 Openmrs-module-htmlformentry | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation). | |||||
| CVE-2019-2136 | 1 Google | 1 Android | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Status::readFromParcel of Status.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132650049. | |||||