Vulnerabilities (CVE)

37088 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3396 1 Atlassian 1 Confluence 2019-04-18 10.0
The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and...
CVE-2019-3710 2019-04-18 7.5
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of...
CVE-2019-10643 1 Contao 1 Contao Cms 2019-04-18 7.5
Contao 4.7 allows Use of a Key Past its Expiration Date.
CVE-2019-5490 1 Netapp 1 Service Processor 2019-04-18 10.0
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact...
CVE-2019-3462 3 Debian, Netapp, Canonical 5 Apt, Active Iq, Element Software and 2 more 2019-04-18 9.3
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
CVE-2019-1710 2019-04-18 7.5
A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the...
CVE-2019-6579 1 Siemens 1 Spectrum Power 4 2019-04-18 7.5
A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security...
CVE-2017-11430 1 Omnitauth-saml Project 1 Omnitauth-saml 2019-04-18 7.5
OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,...
CVE-2017-11429 1 Clever 1 Saml2-js 2019-04-18 7.5
Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing...
CVE-2019-6575 1 Siemens 18 Simatic S7-1500 Software Controller, Simatic Wincc Runtime Advanced, Simatic Wincc Runtime Comfort and 15 more 2019-04-18 7.8
A vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions), SIMATIC RF188C (All...
CVE-2017-9833 1 Boa 1 Boa 2019-04-18 7.8
/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges.
CVE-2019-6610 1 F5 1 Big-ip Access Policy Manager 2019-04-18 9.0
On BIG-IP versions 14.0.0-14.0.0.4, 13.0.0-13.1.1.1, 12.1.0-12.1.4, 11.6.0-11.6.3.4, and 11.5.1-11.5.8, the system is vulnerable to a denial of service attack when performing URL classification.
CVE-2019-10880 2019-04-18 10.0
Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration...
CVE-2017-3549 1 Oracle 1 Scripting 2019-04-18 7.5
Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable"...
CVE-2018-17456 4 Git-scm, Canonical, Debian and 1 more 11 Git, Ubuntu Linux, Debian Linux and 8 more 2019-04-18 7.5
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file...
CVE-2018-16558 1 Siemens 1 Simatic S7-1500 Firmware 2019-04-18 7.8
A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote...
CVE-2019-0228 1 Apache 1 Pdfbox 2019-04-18 7.5
Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.
CVE-2017-11428 1 Onelogin 1 Ruby-saml 2019-04-18 7.5
OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,...
CVE-2017-11427 1 Onelogin 1 Pythonsaml 2019-04-18 7.5
OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,...
CVE-2018-16559 1 Siemens 1 Simatic S7-1500 Firmware 2019-04-18 7.8
A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote...