Vulnerabilities (CVE)

68105 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-10739 1 Gnu 1 Glibc 2019-04-20 4.6
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume...
CVE-2019-10863 2019-04-20 6.5
A command injection vulnerability exists in TeemIp versions before 2.4.0. The new_config parameter of exec.php allows one to create a new PHP file with the exception of config information. The malicious PHP code sent is executed instantaneously...
CVE-2019-10903 1 Wireshark 1 Wireshark 2019-04-19 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
CVE-2019-10902 1 Wireshark 1 Wireshark 2019-04-19 5.0
In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.
CVE-2019-10901 1 Wireshark 1 Wireshark 2019-04-19 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
CVE-2019-10900 1 Wireshark 1 Wireshark 2019-04-19 5.0
In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
CVE-2019-10899 1 Wireshark 1 Wireshark 2019-04-19 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
CVE-2019-10898 1 Wireshark 1 Wireshark 2019-04-19 5.0
In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.
CVE-2019-10897 1 Wireshark 1 Wireshark 2019-04-19 5.0
In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.
CVE-2019-10896 1 Wireshark 1 Wireshark 2019-04-19 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
CVE-2019-10895 1 Wireshark 1 Wireshark 2019-04-19 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
CVE-2019-10894 1 Wireshark 1 Wireshark 2019-04-19 5.0
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
CVE-2018-11684 3 Liblouis, Canonical, Opensuse 3 Liblouis, Ubuntu Linux, Leap 2019-04-19 6.8
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c.
CVE-2018-20200 2019-04-19 4.3
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application.
CVE-2018-17289 1 Kofax 1 Front Office Server 2019-04-19 4.0
An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version 4.1.1.11.0.5212 allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file)...
CVE-2018-11577 3 Liblouis, Canonical, Opensuse 3 Liblouis, Ubuntu Linux, Leap 2019-04-19 6.8
Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.
CVE-2019-1830 1 Cisco 1 Wireless Lan Controller Software 2019-04-19 6.8
A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS)...
CVE-2018-11685 3 Liblouis, Canonical, Opensuse 3 Liblouis, Ubuntu Linux, Leap 2019-04-19 6.8
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c.
CVE-2019-1841 2019-04-19 5.5
A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access internal services without additional authentication. The vulnerability is due to insufficient validation of...
CVE-2019-6974 2 Linux, Debian 2 Linux Kernel, Debian Linux 2019-04-19 6.8
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.