Vulnerabilities (CVE)

Filter

9323 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1667 1 Cisco 1 Hyperflex Hx Data Platform 2019-02-21 2.1
A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker...
CVE-2018-15657 2019-02-21 1.9
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
CVE-2018-3989 1 Wibu 1 Wibukey 2019-02-21 2.1
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory,...
CVE-2016-3159 4 Xen, Fedoraproject, Oracle and 1 more 4 Vm Server, Xen, Fedora and 1 more 2019-02-21 1.7
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another...
CVE-2016-3614 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-02-21 3.5
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.
CVE-2018-20587 2019-02-21 2.1
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests...
CVE-2018-9867 2019-02-21 2.1
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability...
CVE-2018-20241 1 Atlassian 2 Crucible, Fisheye 2019-02-21 3.5
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
CVE-2018-15800 2019-02-20 3.5
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the...
CVE-2019-0103 2019-02-20 2.1
Insufficient file protection in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-0104 2019-02-20 2.1
Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2018-7988 2019-02-20 3.6
There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker uses a data cable to connect the smartphone to another smartphone and then perform a series...
CVE-2018-8024 2 Apache, Mozilla 2 Spark, Firefox 2019-02-20 3.5
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to...
CVE-2018-19918 1 Cuppacms 1 Cuppacms 2019-02-20 3.5
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.
CVE-2018-19845 1 Get-simple 1 Getsimple Cms 2019-02-20 3.5
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.
CVE-2018-19844 1 Frogcms Project 1 Frogcms 2019-02-20 3.5
FROG CMS 0.9.5 has XSS via the admin/?/snippet/add name parameter, which is mishandled during an edit action, a related issue to CVE-2018-10319.
CVE-2016-8751 1 Apache 1 Ranger 2019-02-20 3.5
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies.
CVE-2018-20240 1 Atlassian 2 Crucible, Fisheye 2019-02-20 3.5
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
CVE-2019-0108 2019-02-20 2.1
Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access.
CVE-2019-0110 2019-02-20 2.1
Insufficient key management for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.