Vulnerabilities (CVE)

CWE filter



243 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-4977 1 Pivotal 1 Spring Security Oauth 2019-10-16 6.5
When processing authorization requests using the whitelabel views in Spring Security OAuth 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote code...
CVE-2019-4236 1 Ibm 1 Spectrum Protect 2019-10-09 2.1
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in...
CVE-2019-3554 1 Facebook 1 Wangle 2019-10-09 4.3
Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00
CVE-2019-0014 1 Juniper 1 Junos 2019-10-09 5.0
On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly...
CVE-2019-0013 1 Juniper 1 Junos 2019-10-09 5.0
The routing protocol daemon (RPD) process will crash and restart when a specific invalid IPv4 PIM Join packet is received. While RPD restarts after a crash, repeated crashes can result in an extended Denial of Service (DoS) condition. This issue...
CVE-2019-0012 1 Juniper 1 Junos 2019-10-09 4.3
A Denial of Service (DoS) vulnerability in BGP in Juniper Networks Junos OS configured as a VPLS PE allows an attacker to craft a specific BGP message to cause the routing protocol daemon (rpd) process to crash and restart. While rpd restarts...
CVE-2018-6332 1 Facebook 1 Hhvm 2019-10-09 4.3
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the...
CVE-2016-4925 1 Juniper 1 Junose 2019-10-09 5.0
Receipt of a specifically malformed IPv6 packet processed by the router may trigger a line card reset: processor exception 0x68616c74 (halt) in task: scheduler. The line card will reboot and recover without user interaction. However, additional...
CVE-2016-2510 4 Beanshell Project, Debian, Beanshell and 1 more 4 Debian Linux, Beanshell, Beanshell and 1 more 2019-09-19 6.8
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
CVE-2019-13917 2 Exim, Debian 2 Exim, Debian Linux 2019-09-07 10.0
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain).
CVE-2015-8985 1 Gnu 1 Glibc 2019-08-15 4.3
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.
CVE-2019-14794 1 Metabox 1 Meta Box 2019-08-14 5.0
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders.
CVE-2018-20892 1 Cpanel 1 Cpanel 2019-08-08 4.0
cPanel before 74.0.0 allows arbitrary zone file modifications because of incorrect CAA record handling (SEC-439).
CVE-2014-3916 1 Rubyonrails 2 Ruby On Rails, Rails 2019-08-08 5.0
The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string.
CVE-2018-20880 1 Cpanel 1 Cpanel 2019-08-02 2.1
cPanel before 74.0.8 mishandles account suspension because of an invalid email_accounts.json file (SEC-445).
CVE-2019-5811 3 Google, Fedoraproject, Opensuse 3 Chrome, Fedora, Leap 2019-07-25 6.8
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2019-13624 1 Onosproject 1 Onos 2019-07-19 10.0
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/ mishandles backquote characters within strings that can be used in a shell command.
CVE-2019-0811 1 Microsoft 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 2019-07-19 5.0
A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'.
CVE-2019-1083 1 Microsoft 1 .net Framework 2019-07-17 5.0
A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'.
CVE-2014-2682 1 Zend 10 Zendservice Audioscrobbler, Zendopenid, Zendrest and 7 more 2019-07-16 6.8
Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure...