Vulnerabilities (CVE)

68118 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-10894 2 Wireshark, Fedoraproject 2 Wireshark, Fedora 2019-04-22 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
CVE-2019-6128 3 Libtiff, Canonical, Opensuse 3 Libtiff, Ubuntu Linux, Leap 2019-04-22 6.8
The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
CVE-2019-6706 2 Lua, Canonical 2 Lua, Ubuntu Linux 2019-04-22 5.0
Lua 5.3.5 has a use-after-free in lua_upvaluejoin in lapi.c. For example, a crash outcome might be achieved by an attacker who is able to trigger a debug.upvaluejoin call in which the arguments have certain relationships.
CVE-2019-11035 1 Php 1 Php 2019-04-22 6.4
When processing certain files, the PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past the allocated buffer in the exif_iif_add_value function. This may lead to information disclosure or a crash.
CVE-2019-11034 1 Php 1 Php 2019-04-22 6.4
When processing certain files, the PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past the allocated buffer in the exif_process_IFD_TAG function. This may lead to information disclosure or a crash.
CVE-2019-11350 1 Cloudbees 1 Jenkins Operations Center 2019-04-22 5.0
CloudBees Jenkins Operations Center 2.150.2.3, when an expired trial license exists, allows Cleartext Password Storage and Retrieval via the proxy configuration page.
CVE-2019-11359 1 I-librarian 1 I, Librarian 2019-04-22 4.3
Cross-site scripting (XSS) vulnerability in display.php in I, Librarian 4.10 allows remote attackers to inject arbitrary web script or HTML via the project parameter.
CVE-2019-1788 1 Clamav 1 Clamav 2019-04-22 4.3
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an...
CVE-2019-1787 1 Clamav 1 Clamav 2019-04-22 4.3
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an...
CVE-2019-11378 1 Projectsend 1 Projectsend 2019-04-22 6.5
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files,...
CVE-2018-19970 2 Phpmyadmin, Debian 2 Phpmyadmin, Debian Linux 2019-04-22 4.3
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
CVE-2018-19969 1 Phpmyadmin 1 Phpmyadmin 2019-04-22 6.8
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new...
CVE-2018-11683 3 Liblouis, Canonical, Opensuse 3 Liblouis, Ubuntu Linux, Leap 2019-04-22 6.8
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440.
CVE-2018-11440 3 Liblouis, Canonical, Opensuse 3 Liblouis, Ubuntu Linux, Leap 2019-04-22 6.8
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c.
CVE-2017-7651 2 Eclipse, Debian 2 Mosquitto, Debian Linux 2019-04-22 5.0
In Eclipse Mosquitto 1.4.14, a user can shut down the Mosquitto server simply by filling the RAM with a lot of connections with large payloads. This can be done without authentication if it occurs in the connection phase of the MQTT protocol.
CVE-2019-8455 1 Checkpoint 1 Zonealarm 2019-04-22 4.6
A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local...
CVE-2018-16877 1 Clusterlabs 1 Pacemaker 2019-04-22 4.6
A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.
CVE-2019-1831 1 Cisco 1 Email Security Appliance 2019-04-22 5.0
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to...
CVE-2019-1711 1 Cisco 1 Ios Xr 2019-04-22 5.0
A vulnerability in the Event Management Service daemon (emsd) of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper...
CVE-2019-2039 1 Google 1 Android 2019-04-22 4.7
In rw_i93_sm_detect_ndef of rw_i93.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for...