Vulnerabilities (CVE)

Filter

10179 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1158 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-19 2.1
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1143, CVE-2019-1154.
CVE-2018-10545 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 1.9
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing...
CVE-2019-13057 2 Openldap, Canonical 2 Openldap, Ubuntu Linux 2019-08-19 3.5
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not...
CVE-2018-18358 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-08-17 2.9
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
CVE-2019-14948 2019-08-16 3.5
The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure.
CVE-2019-14221 1 1crm 1 1crm 2019-08-16 3.5
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.
CVE-2018-20855 1 Linux 1 Linux Kernel 2019-08-16 2.1
An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace.
CVE-2018-20956 1 Swann 1 Swwhd-intcam-hd Firmware 2019-08-16 2.1
Swann SWWHD-INTCAM-HD devices leave the PSK in logs after a factory reset.
CVE-2019-14783 1 Google 1 Android 2019-08-16 2.1
On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764.
CVE-2019-5403 1 Hp 1 3par Storeserv Management Console 2019-08-16 3.5
A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1.
CVE-2019-5398 2019-08-16 3.5
A remote multiple multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1.
CVE-2019-14987 1 Schben 1 Framework 2019-08-15 3.5
Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions.
CVE-2018-20958 2019-08-15 3.3
The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcasted by the device.
CVE-2018-1116 3 Polkit Project, Canonical, Debian 3 Polkit, Ubuntu Linux, Debian Linux 2019-08-15 3.6
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by...
CVE-2019-1973 2019-08-15 3.5
A vulnerability in the web portal framework of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. The...
CVE-2019-1956 2019-08-15 3.5
A vulnerability in the web-based interface of the Cisco SPA112 2-Port Phone Adapter could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the device. The vulnerability is due to...
CVE-2019-1959 2019-08-15 2.1
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these...
CVE-2018-1987 2019-08-15 1.9
IBM Spectrum Protect for Enterprise Resource Planning 7.1 and 8.1, if tracing is activated, the IBM Spectrum Protect node password may be displayed in plain text in the ERP trace file. IBM X-Force ID: 154280.
CVE-2019-1960 2019-08-15 2.1
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these...
CVE-2019-1949 1 Cisco 1 Firepower Management Center 2019-08-15 3.5
A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an...