| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-16098 |
1 Lenovo |
59 Synaptics Thinkpad Ultranav Driver, Thiankpad L430 Firmware, Thiankpad L530 Firmware and 56 more |
2019-02-22 |
7.2 |
| In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user. |
| CVE-2019-1666 |
1 Cisco |
1 Hyperflex Hx Data Platform |
2019-02-21 |
5.0 |
| A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could... |
| CVE-2019-1667 |
1 Cisco |
1 Hyperflex Hx Data Platform |
2019-02-21 |
2.1 |
| A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker... |
| CVE-2019-1665 |
1 Cisco |
1 Hyperflex Hx Data Platform |
2019-02-21 |
4.3 |
| A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected... |
| CVE-2019-8955 |
|
|
2019-02-21 |
N/A |
| In Tor before 0.3.3.12, 0.3.4.x before 0.3.4.11, 0.3.5.x before 0.3.5.8, and 0.4.x before 0.4.0.2-alpha, remote denial of service against Tor clients and relays can occur via memory exhaustion in the KIST cell scheduler. |
| CVE-2019-8996 |
|
|
2019-02-21 |
N/A |
| In Signiant Manager+Agents before 13.5, the implementation of the set command has a Buffer Overflow. |
| CVE-2019-6340 |
|
|
2019-02-21 |
N/A |
| Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the... |
| CVE-2019-1700 |
|
|
2019-02-21 |
N/A |
| A vulnerability in field-programmable gate array (FPGA) ingress buffer management for the Cisco Firepower 9000 Series with the Cisco Firepower 2-port 100G double-width network module (PID: FPR9K-DNM-2X100G) could allow an unauthenticated,... |
| CVE-2019-1698 |
|
|
2019-02-21 |
N/A |
| A vulnerability in the web-based user interface of Cisco Internet of Things Field Network Director (IoT-FND) Software could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The... |
| CVE-2018-12547 |
|
|
2019-02-21 |
7.5 |
| In Eclipse OpenJ9, prior to the 0.12.0 release, the jio_snprintf() and jio_vsnprintf() native methods ignored the length parameter. This affects existing APIs that called the functions to exceed the allocated buffer. This functions were not... |
| CVE-2018-11855 |
1 Qualcomm |
17 Mdm9607 Firmware, Mdm9650 Firmware, Mdm9655 Firmware and 14 more |
2019-02-21 |
7.2 |
| If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,... |
| CVE-2019-5778 |
3 Google, Debian, Redhat |
5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more |
2019-02-21 |
4.3 |
| A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for... |
| CVE-2018-15657 |
|
|
2019-02-21 |
1.9 |
| An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter. |
| CVE-2018-11847 |
1 Qualcomm |
33 Ipq8074 Firmware, Mdm9206 Firmware, Mdm9607 Firmware and 30 more |
2019-02-21 |
7.2 |
| Malicious TA can tag QSEE kernel memory and map to EL0, there by corrupting the physical memory as well it can be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,... |
| CVE-2018-20752 |
|
|
2019-02-21 |
7.5 |
| An issue was discovered in Recon-ng before 4.9.5. Lack of validation in the modules/reporting/csv.py file allows CSV injection. More specifically, when a Twitter user possesses an Excel macro for a username, it will not be properly sanitized when... |
| CVE-2019-1691 |
|
|
2019-02-21 |
N/A |
| A vulnerability in the detection engine of Cisco Firepower Threat Defense Software could allow an unauthenticated, remote attacker to cause the unexpected restart of the SNORT detection engine, resulting in a denial of service (DoS) condition.... |
| CVE-2019-1685 |
|
|
2019-02-21 |
N/A |
| A vulnerability in the Security Assertion Markup Language (SAML) single sign-on (SSO) interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the... |
| CVE-2019-1684 |
|
|
2019-02-21 |
N/A |
| A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload... |
| CVE-2019-1681 |
|
|
2019-02-21 |
N/A |
| A vulnerability in the TFTP service of Cisco Network Convergence System 1000 Series software could allow an unauthenticated, remote attacker to retrieve arbitrary files from the targeted device, possibly resulting in information disclosure. The... |
| CVE-2018-10612 |
|
|
2019-02-21 |
10.0 |
| In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive... |
