| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-7642 |
|
|
2019-03-25 |
N/A |
| D-Link routers with the mydlink feature have some web interfaces without authentication requirements. An attacker can remotely obtain users' DNS query logs and login logs. Vulnerable targets include but are not limited to the latest firmware... |
| CVE-2019-6538 |
|
|
2019-03-25 |
N/A |
| The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta... |
| CVE-2019-0204 |
|
|
2019-03-25 |
N/A |
| A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and... |
| CVE-2018-19859 |
|
|
2019-03-25 |
4.0 |
| OpenRefine before 3.2 beta allows directory traversal via a relative pathname in a ZIP archive. |
| CVE-2018-14523 |
1 Aubio |
1 Aubio |
2019-03-25 |
6.8 |
| An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes. |
| CVE-2018-14522 |
1 Aubio |
1 Aubio |
2019-03-25 |
6.8 |
| An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes. |
| CVE-2017-7342 |
|
|
2019-03-25 |
N/A |
| A weak password recovery process vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via a hidden Close button |
| CVE-2019-2449 |
1 Oracle |
1 Jdk |
2019-03-25 |
2.6 |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple... |
| CVE-2019-2422 |
4 Oracle, Netapp, Canonical and 1 more |
12 Jdk, Jre, Oncommand Unified Manager and 9 more |
2019-03-25 |
4.3 |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated... |
| CVE-2018-15583 |
|
|
2019-03-25 |
N/A |
| Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. |
| CVE-2018-12549 |
2 Eclipse, Redhat |
4 Openj9, Enterprise Linux Desktop, Enterprise Linux Server and 1 more |
2019-03-25 |
7.5 |
| In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it. |
| CVE-2018-12547 |
1 Redhat |
3 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Workstation |
2019-03-25 |
7.5 |
| In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not... |
| CVE-2018-11212 |
6 Ijg, Netapp, Oracle and 3 more |
11 Libjpeg, Oncommand Unified Manager, Oncommand Workflow Automation and 8 more |
2019-03-25 |
4.3 |
| An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. |
| CVE-2017-7340 |
|
|
2019-03-25 |
N/A |
| A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. |
| CVE-2017-12617 |
1 Apache |
1 Tomcat |
2019-03-25 |
6.8 |
| When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to... |
| CVE-2019-9970 |
|
|
2019-03-25 |
N/A |
| Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the... |
| CVE-2019-7148 |
1 Elfutils Project |
1 Elfutils |
2019-03-25 |
4.3 |
| **DISPUTED** An attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf... |
| CVE-2019-10044 |
|
|
2019-03-25 |
N/A |
| Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link... |
| CVE-2018-1000061 |
1 Arm |
1 Mbed Tls |
2019-03-25 |
7.5 |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. |
| CVE-2014-9189 |
|
|
2019-03-25 |
N/A |
| Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution,... |
