Vulnerabilities (CVE)

66871 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-16098 1 Lenovo 59 Synaptics Thinkpad Ultranav Driver, Thiankpad L430 Firmware, Thiankpad L530 Firmware and 56 more 2019-02-22 7.2
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user.
CVE-2019-1666 1 Cisco 1 Hyperflex Hx Data Platform 2019-02-21 5.0
A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could...
CVE-2019-1665 1 Cisco 1 Hyperflex Hx Data Platform 2019-02-21 4.3
A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected...
CVE-2018-11855 1 Qualcomm 17 Mdm9607 Firmware, Mdm9650 Firmware, Mdm9655 Firmware and 14 more 2019-02-21 7.2
If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity,...
CVE-2019-5778 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-21 4.3
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for...
CVE-2018-11847 1 Qualcomm 33 Ipq8074 Firmware, Mdm9206 Firmware, Mdm9607 Firmware and 30 more 2019-02-21 7.2
Malicious TA can tag QSEE kernel memory and map to EL0, thereby corrupting the physical memory as well it can be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,...
CVE-2018-20783 1 Php 1 Php 2019-02-21 5.0
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar...
CVE-2019-1003004 1 Jenkins 1 Jenkins 2019-02-21 6.5
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions...
CVE-2019-8982 1 Wavemaker 1 Wavemarker Studio 2019-02-21 6.8
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
CVE-2019-8308 2 Debian, Redhat 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-02-21 4.4
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
CVE-2019-0257 1 Sap 1 Netweaver Abap 2019-02-21 6.5
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user,...
CVE-2019-6242 1 Kentico 1 Kentico 2019-02-21 4.0
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to...
CVE-2019-8337 1 Marlam 1 Msmtp 2019-02-21 5.0
In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
CVE-2018-19858 1 Princexml 1 Princexml 2019-02-21 5.0
PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus...
CVE-2018-5817 1 Libraw 1 Libraw 2019-02-21 5.0
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
CVE-2018-5818 1 Libraw 1 Libraw 2019-02-21 5.0
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
CVE-2018-1945 2019-02-21 5.8
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could...
CVE-2018-1946 2019-02-21 5.0
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption...
CVE-2018-1947 2019-02-21 4.3
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
CVE-2018-1948 2019-02-21 4.3
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a...