Vulnerabilities (CVE)

9538 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1835 1 Cisco 1 Aironet Access Point Firmware 2019-04-19 2.1
A vulnerability in the CLI of Cisco Aironet Access Points (APs) could allow an authenticated, local attacker to access sensitive information stored in an AP. The vulnerability is due to improper sanitization of user-supplied input in specific CLI...
CVE-2019-1834 1 Cisco 1 Aironet Access Point Firmware 2019-04-19 3.3
A vulnerability in the internal packet processing of Cisco Aironet Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected AP if the switch interface where the AP is...
CVE-2018-17288 1 Kofax 1 Front Office Server 2019-04-19 3.5
Kofax Front Office Server version 4.1.1.11.0.5212 (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client)...
CVE-2019-10893 1 Centos-webpanel 1 Centos Web Panel 2019-04-19 3.5
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version) and 0.9.8.753 (Pro) is vulnerable to Stored/Persistent XSS for Admin Email fields on the "CWP Settings > "Edit Settings" screen. By changing the email ID to any...
CVE-2019-11017 1 Dlink 1 Di-524 Firmware 2019-04-19 3.5
On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.
CVE-2019-1777 1 Cisco 1 Registered Envelope Service 2019-04-19 3.5
A vulnerability in the web-based interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the service. The vulnerability is due to...
CVE-2019-11015 1 Miui 1 Miui 2019-04-19 2.1
A vulnerability was found in the MIUI OS version 10.1.3.0 that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored...
CVE-2019-1802 1 Cisco 1 Firepower Management Center 2019-04-19 3.5
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of...
CVE-2019-1725 1 Cisco 1 Unified Computing System 2019-04-19 3.6
A vulnerability in the local management CLI implementation for specific commands on the Cisco UCS B-Series Blade Servers could allow an authenticated, local attacker to overwrite an arbitrary file on disk. It is also possible the attacker could...
CVE-2019-10300 1 Jenkins 1 Gitlab 2019-04-19 3.5
A cross-site request forgery vulnerability in Jenkins GitLab Plugin 1.5.11 and earlier in the GitLabConnectionConfig#doTestConnection form validation method allowed attackers to connect to an attacker-specified URL using attacker-specified...
CVE-2019-1805 1 Cisco 1 Wireless Lan Controller Software 2019-04-19 3.3
A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected...
CVE-2019-1794 1 Cisco 1 Meeting Server 2019-04-18 3.6
A vulnerability in the search path processing of Cisco Directory Connector could allow an authenticated, local attacker to load a binary of their choosing. The vulnerability is due to uncontrolled search path elements. An attacker could exploit...
CVE-2019-1719 1 Cisco 1 Identity Services Engine 2019-04-18 3.5
A vulnerability in the web-based guest portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The...
CVE-2018-6260 1 Nvidia 1 Gpu Driver 2019-04-18 2.1
NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector.
CVE-2018-20482 2 Gnu, Debian 2 Tar, Debian Linux 2019-04-18 1.9
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be...
CVE-2018-12155 1 Intel 1 Integrated Performance Primitives 2019-04-18 2.1
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2017-5695 1 Intel 7 Ssd Pro 5400s M.2 Firmware, Ssd E 5400s M.2 Firmware, Ssd 540s 2.5" Firmware and 4 more 2019-04-18 2.1
Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P,...
CVE-2019-7317 1 Libpng 1 Libpng 2019-04-18 2.6
png_image_free in png.c in libpng 1.6.36 has a use-after-free because png_image_free_function is called under png_safe_execute.
CVE-2018-6556 2 Linuxcontainers, Canonical 2 Lxc, Ubuntu Linux 2019-04-18 2.1
lxc-user-nic when asked to delete a network interface will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn't otherwise be able to reach. It may...
CVE-2019-0162 1 Intel 1 - 2019-04-18 2.1
Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.