CVE-2019-9946 2 Kubernetes, Netapp 2 Kubernetes, Cloud Insights 2019-06-15 5.0
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to set up HostPorts for CNI, inserts rules at the front of the...
CVE-2019-9917 3 Znc, Canonical, Fedoraproject 3 Znc, Ubuntu Linux, Fedora 2019-06-15 4.0
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.
CVE-2019-9162 2 Linux, Netapp 2 Linux Kernel, Element Software Management 2019-06-15 4.6
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or...
CVE-2019-8956 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2019-06-15 7.2
In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.
CVE-2019-7221 7 Fedoraproject, Linux, Opensuse and 4 more 16 Fedora, Linux Kernel, Leap and 13 more 2019-06-15 4.6
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
CVE-2019-11486 1 Linux 1 Linux Kernel 2019-06-15 6.9
The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.
CVE-2018-20669 1 Linux 1 Linux Kernel 2019-06-15 7.2
An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13. A local attacker can craft a malicious IOCTL...
CVE-2013-7470 1 Linux 1 Linux Kernel 2019-06-15 7.1
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than...
CVE-2019-11334 1 Tzumi 2 Klic Lock, Klic Smart Padlock Model 5686 Firmware 2019-06-14 4.3
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application 1.0.9 for mobile devices allows attackers to access resources (that are not otherwise accessible without proper authentication) via capture-replay....
CVE-2018-5912 1 Qualcomm 9 Msm8996au Firmware, Sd 450 Firmware, Sd 625 Firmware and 6 more 2019-06-14 7.2
Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in MSM8996AU, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660
CVE-2015-3195 6 Openssl, Apple, Oracle and 3 more 16 Sun Ray Software, Openssl, Transportation Management and 13 more 2019-06-14 5.0
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers...
CVE-2019-10971 1 Omron 1 Network Configurator For Devicenet Safety 2019-06-14 6.8
The application (Network Configurator for DeviceNet Safety 3.41 and prior) searches for resources by means of an untrusted search path that could execute a malicious .dll file not under the application's direct control and outside the intended...
CVE-2019-3946 1 Fujielectric 1 V-server 2019-06-14 5.0
Fuji Electric V-Server before is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic.
CVE-2019-10150 1 Redhat 1 Openshift Container Platform 2019-06-14 4.3
It was found that OpenShift Container Platform versions 3.6.x - 4.6.0 do not perform SSH Host Key checking when using ssh key authentication during builds. An attacker, with the ability to redirect network traffic, could use this to alter the...
CVE-2019-1019 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-06-14 6.5
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request, aka 'Microsoft Windows...
CVE-2019-5442 1 Pippo 1 Pippo 2019-06-14 5.0
XML Entity Expansion (Billion Laughs Attack) on Pippo 1.12.0 results in Denial of Service. Entities are created recursively and large amounts of heap memory are taken. Eventually, the JVM process will run out of memory. Otherwise, if the OS does...
CVE-2019-3888 1 Redhat 2 Undertow, Virtualization 2019-06-14 5.0
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using...
CVE-2019-1069 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-06-14 7.2
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'.
CVE-2019-0305 1 Sap 1 Netweaver Process Integration 2019-06-14 4.3
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another...
