Total
28702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9893 | 1 Libseccomp Project | 1 Libseccomp | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations. | |||||
| CVE-2018-12202 | 1 Intel | 5 Core I3, Core I5, Core I7 and 2 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access. | |||||
| CVE-2019-4402 | 1 Ibm | 1 Api Connect | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM API Connect 2018.1 through 2018.4.1.6 developer portal could allow an unauthorized user to cause a denial of service via an unprotected API. IBM X-Force ID: 162263. | |||||
| CVE-2019-0696 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-7041 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation. | |||||
| CVE-2019-2054 | 2 Canonical, Google | 2 Ubuntu Linux, Android | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499 | |||||
| CVE-2019-4259 | 1 Ibm | 1 Spectrum Scale | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| A security vulnerability has been identified in IBM Spectrum Scale 4.1.1, 4.2.0, 4.2.1, 4.2.2, 4.2.3, and 5.0.0 with CES stack enabled that could allow sensitive data to be included with service snaps. IBM X-Force ID: 160011. | |||||
| CVE-2019-1102 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | |||||
| CVE-2019-0174 | 1 Intel | 376 2000e, 2000e Firmware, 2002e and 373 more | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| Logic condition in specific microprocessors may allow an authenticated user to potentially enable partial physical address information disclosure via local access. | |||||
| CVE-2019-2874 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-02-28 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.2.32 and prior to 6.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2018-20031 | 2 Flexera, Oracle | 2 Flexnet Publisher, Communications Lsms | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability related to preemptive item deletion in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier allows a remote attacker to send a combination of messages to lmgrd or the vendor daemon, causing the heartbeat between lmgrd and the vendor daemon to stop, and the vendor daemon to shut down. | |||||
| CVE-2019-1301 | 1 Microsoft | 2 .net Core, Powershell Core | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when .NET Core improperly handles web requests, aka '.NET Core Denial of Service Vulnerability'. | |||||
| CVE-2019-3643 | 1 Mcafee | 4 Active Response, Advanced Threat Defense, Enterprise Security Manager and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| McAfee Web Gateway (MWG) earlier than 7.8.2.13 is vulnerable to a remote attacker exploiting CVE-2019-9511, potentially leading to a denial of service. This affects the scanning proxies. | |||||
| CVE-2019-5682 | 2 Google, Nvidia | 2 Android, Shield Experience | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service. | |||||
| CVE-2019-6167 | 1 Lenovo | 8 Ideacentre, Ideapad, Service Bridge and 5 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution. | |||||
| CVE-2019-16103 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows privilege escalation (by administrators) from the menu to a root Bash OS shell via the spsshell feature. | |||||
| CVE-2019-0098 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
| Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2019-2665 | 1 Oracle | 1 Common Applications | 2024-02-28 | 5.8 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: CRM User Management Framework). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Common Applications accessible data as well as unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
| CVE-2018-20053 | 1 Cerner | 2 Connectivity Engine 4, Connectivity Engine 4 Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Cerner Connectivity Engine (CCE) 4 devices. The hostname, timezone, and NTP server configurations on the CCE device are vulnerable to command injection by sending a crafted configuration file over the network. | |||||
| CVE-2019-6634 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, a high volume of malformed analytics report requests leads to instability in restjavad process. This causes issues with both iControl REST and some portions of TMUI. The attack requires an authenticated user with any role. | |||||