Vulnerabilities (CVE)

69975 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-15710 1 Nagios 1 Nagios Xi 2019-06-26 7.2
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
CVE-2019-12836 2019-06-25 6.8
The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. This in turn may allow for a forged request that can be invoked in the...
CVE-2019-4382 1 Ibm 1 Api Connect 2019-06-25 5.0
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.
CVE-2019-4377 1 Ibm 1 Sterling B2b Integrator 2019-06-25 4.0
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803.
CVE-2018-2013 1 Ibm 1 Api Connect 2019-06-25 5.0
IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193.
CVE-2018-1858 1 Ibm 1 Api Connect 2019-06-25 6.8
IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256.
CVE-2019-12817 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2019-06-25 6.9
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of...
CVE-2019-1625 1 Cisco 1 Sd-wan Firmware 2019-06-25 7.2
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An...
CVE-2019-12949 1 Netgate 1 Pfsense 2019-06-25 4.3
In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and...
CVE-2019-12958 1 Glyphandcog 1 Xpdfreader 2019-06-25 4.3
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.
CVE-2019-12957 1 Glyphandcog 1 Xpdfreader 2019-06-25 6.8
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the...
CVE-2019-12964 1 Livezilla 1 Livezilla 2019-06-25 4.3
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the ticket.php Subject.
CVE-2019-12962 1 Livezilla 1 Livezilla 2019-06-25 4.3
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header.
CVE-2019-12963 1 Livezilla 1 Livezilla 2019-06-25 4.3
LiveZilla Server before 8.0.1.1 is vulnerable to XSS in the chat.php Create Ticket Action.
CVE-2019-9735 3 Openstack, Redhat, Debian 3 Neutron, Openstack, Debian Linux 2019-06-25 4.0
An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't...
CVE-2019-7396 2 Imagemagick, Opensuse 2 Imagemagick, Leap 2019-06-25 5.0
In ImageMagick before 7.0.8-25, a memory leak exists in ReadSIXELImage in coders/sixel.c.
CVE-2018-18544 3 Imagemagick, Opensuse, Graphicsmagick 3 Imagemagick, Leap, Graphicsmagick 2019-06-25 4.3
There is a memory leak in the function WriteMSLImage of coders/msl.c in ImageMagick 7.0.8-13 Q16, and the function ProcessMSLScript of coders/msl.c in GraphicsMagick before 1.3.31.
CVE-2018-18025 2 Imagemagick, Debian 2 Imagemagick, Debian Linux 2019-06-25 4.3
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the EncodeImage function of coders/pict.c, which allows attackers to cause a denial of service via a crafted SVG image file.
CVE-2018-18024 1 Imagemagick 1 Imagemagick 2019-06-25 4.3
In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPImage function of the coders/bmp.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted bmp file.
CVE-2018-18023 1 Imagemagick 1 Imagemagick 2019-06-25 4.3
In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-read in the SVGStripString function of coders/svg.c, which allows attackers to cause a denial of service via a crafted SVG image file.