Total
9736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20980 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | |||||
| CVE-2019-0620 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-02-28 | 7.7 HIGH | 8.4 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0709, CVE-2019-0722. | |||||
| CVE-2018-14671 | 1 Yandex | 1 Clickhouse | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. | |||||
| CVE-2017-18394 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 2.7 LOW |
| cPanel before 68.0.15 does not have a sufficient list of reserved usernames (SEC-327). | |||||
| CVE-2018-20861 | 1 Openmpt | 1 Libopenmpt | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| libopenmpt before 0.3.11 allows a crash with certain malformed custom tunings in MPTM files. | |||||
| CVE-2017-18415 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering (SEC-302). | |||||
| CVE-2017-18509 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187. | |||||
| CVE-2018-20897 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 3.3 LOW | 2.8 LOW |
| cPanel before 71.9980.37 allows arbitrary file-unlink operations via the cPAddons moderation system (SEC-395). | |||||
| CVE-2018-20882 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.6 MEDIUM | 6.8 MEDIUM |
| cPanel before 74.0.8 allows arbitrary file-write operations in the context of the root account during WHM Force Password Change (SEC-447). | |||||
| CVE-2018-14991 | 2 Coolpad, T-mobile | 6 Defiant, Defiant Firmware, Revvl Plus and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys all contain a vulnerable, pre-installed Rich Communication Services (RCS) app. These devices contain an that app has a package name of com.suntek.mway.rcs.app.service (versionCode=1, versionName=RCS_sdk_M_native_20161008_01; versionCode=1, versionName=RCS_sdk_M_native_20170406_01) with an exported content provider named com.suntek.mway.rcs.app.service.provider.message.MessageProvider and a refactored version of the app with a package name of com.rcs.gsma.na.sdk (versionCode=1, versionName=RCS_SDK_20170804_01) with a content provider named com.rcs.gsma.na.provider.message.MessageProvider allow any app co-located on the device to read, write, insert, and modify the user's text messages. This is enabled by an exported content provider app component that serves as a wrapper to the official content provider that contains the user's text messages. This app cannot be disabled by the user and the attack can be performed by a zero-permission app. | |||||
| CVE-2019-7885 | 1 Magento | 1 Magento | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search. | |||||
| CVE-2019-1923 | 1 Cisco | 20 Spa500ds, Spa500ds Firmware, Spa500s and 17 more | 2024-02-28 | 4.6 MEDIUM | 6.6 MEDIUM |
| A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device's physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior. | |||||
| CVE-2019-1010245 | 1 Linuxfoundation | 1 Open Network Operating System | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15. | |||||
| CVE-2018-19016 | 1 Rockwellautomation | 2 Ethernet\/ip Web Server Module 1756-eweb, Ethernet\/ip Web Server Module 1768-eweb | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| Rockwell Automation EtherNet/IP Web Server Modules 1756-EWEB (includes 1756-EWEBK) Version 5.001 and earlier, and CompactLogix 1768-EWEB Version 2.005 and earlier. A remote attacker could send a crafted UDP packet to the SNMP service causing a denial-of-service condition to occur until the affected product is restarted. | |||||
| CVE-2019-0163 | 1 Intel | 2 I5-5350u, I5-5350u Firmware | 2024-02-28 | 4.6 MEDIUM | 8.2 HIGH |
| Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access. | |||||
| CVE-2019-1743 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device. | |||||
| CVE-2019-12841 | 1 Jetbrains | 1 Teamcity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect handling of user input in ZIP extraction was detected in JetBrains TeamCity. The issue was fixed in TeamCity 2018.2.2. | |||||
| CVE-2019-11069 | 1 Sequelizejs | 1 Sequelize | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Sequelize version 5 before 5.3.0 does not properly ensure that standard conforming strings are used. | |||||
| CVE-2018-12147 | 1 Intel | 3 Converged Security Management Engine Firmware, Server Platform Services Firmware, Trusted Execution Engine Firmware | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, IntelĀ® Server Platform Services before version 4.0 and IntelĀ® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access. | |||||
| CVE-2019-3571 | 1 Whatsapp | 1 Whatsapp | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension. | |||||