Vulnerabilities (CVE)

Filter

9527 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1794 1 Cisco 1 Meeting Server 2019-04-18 3.6
A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit...
CVE-2019-1719 1 Cisco 1 Identity Services Engine 2019-04-18 3.5
A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The...
CVE-2018-6260 1 Nvidia 1 Gpu Driver 2019-04-18 2.1
NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.
CVE-2018-20482 2 Gnu, Debian 2 Tar, Debian Linux 2019-04-18 1.9
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be...
CVE-2018-12155 1 Intel 1 Integrated Performance Primitives 2019-04-18 2.1
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2017-5695 1 Intel 7 Ssd Pro 5400s M.2 Firmware, Ssd E 5400s M.2 Firmware, Ssd 540s 2.5%22 Firmware and 4 more 2019-04-18 2.1
Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P,...
CVE-2019-7317 1 Libpng 1 Libpng 2019-04-18 2.6
png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2018-6556 2 Linuxcontainers, Canonical 2 Lxc, Ubuntu Linux 2019-04-18 2.1
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may...
CVE-2019-0162 1 Intel 1 - 2019-04-18 2.1
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-8453 1 Checkpoint 1 Zonealarm 2019-04-18 2.1
Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client.
CVE-2018-19665 1 Qemu 1 Qemu 2019-04-17 2.7
The Bluetooth subsystem in QEMU mishandles negative values for length variables, leading to memory corruption.
CVE-2018-1283 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-04-17 3.5
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the...
CVE-2019-5673 1 Nvidia 1 Jetson Tx2 2019-04-17 3.6
NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to...
CVE-2019-0796 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-04-17 2.1
An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0805,...
CVE-2018-1723 1 Ibm 1 Spectrum Scale 2019-04-16 2.1
IBM Spectrum Scale 4.1.1.0, 4.1.1.20, 4.2.0.0, 4.2.3.10, 5.0.0 and 5.0.1.2 could allow an unprivileged, authenticated user with access to a GPFS node to read arbitrary files available on this node. IBM X-Force ID: 147373.
CVE-2016-5005 1 Apache 1 Archiva 2019-04-16 3.5
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.
CVE-2018-11208 1 Zblogcn 1 Z-blogphp 2019-04-16 3.5
** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the...
CVE-2019-3870 2 Samba, Fedoraproject 2 Samba, Fedora 2019-04-16 3.6
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode...
CVE-2018-6239 2019-04-16 2.1
NVIDIA Jetson TX2 contains a vulnerability by means of speculative execution where local and unprivileged code may access the contents of cached information in an unauthorized manner, which may lead to information disclosure. The updates apply to...
CVE-2018-1688 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2019-04-16 3.5
IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 through 6.0.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...