Vulnerabilities (CVE)

71747 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-0332 1 Sap 1 Businessobjects Business Intelligence 2019-08-19 4.3
SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting...
CVE-2019-1159 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-08-19 7.2
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1164.
CVE-2019-14432 1 Loom 1 Loom 2019-08-19 6.8
Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is...
CVE-2019-14743 1 Valvesoftware 1 Steam Client 2019-08-19 7.2
** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access. NOTE: the vendor disputes the...
CVE-2019-11208 1 Tibco 1 Api Exchange Gateway 2019-08-19 6.5
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to...
CVE-2019-14433 1 Openstack 1 Nova 2019-08-19 4.0
An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may...
CVE-2018-5712 3 Php, Canonical, Debian 3 Php, Ubuntu Linux, Debian Linux 2019-08-19 4.3
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
CVE-2018-5711 3 Php, Canonical, Debian 3 Php, Ubuntu Linux, Debian Linux 2019-08-19 4.3
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as...
CVE-2018-17082 3 Php, Debian, Netapp 3 Php, Debian Linux, Storage Automation Store 2019-08-19 4.3
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function...
CVE-2018-14884 2 Php, Netapp 2 Php, Storage Automation Store 2019-08-19 5.0
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL...
CVE-2018-14851 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 4.3
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted...
CVE-2018-10549 4 Php, Canonical, Netapp and 1 more 4 Php, Ubuntu Linux, Storage Automation Store and 1 more 2019-08-19 6.8
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a...
CVE-2018-10548 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 5.0
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of...
CVE-2018-10547 4 Php, Canonical, Debian and 1 more 4 Php, Ubuntu Linux, Debian Linux and 1 more 2019-08-19 4.3
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file....
CVE-2018-10546 4 Php, Canonical, Netapp and 1 more 4 Php, Ubuntu Linux, Storage Automation Store and 1 more 2019-08-19 5.0
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences.
CVE-2017-9118 2 Php, Netapp 2 Php, Storage Automation Store 2019-08-19 5.0
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
CVE-2017-16642 4 Php, Netapp, Canonical and 1 more 5 Php, Storage Automation Store, Ubuntu Linux and 2 more 2019-08-19 5.0
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from...
CVE-2019-1010189 2019-08-19 4.3
mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.
CVE-2019-13565 2 Openldap, Canonical 2 Openldap, Ubuntu Linux 2019-08-19 5.0
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a...
CVE-2019-7108 1 Adobe 2 Flash Player, Flash Player Desktop Runtime 2019-08-18 5.0
Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.