Vulnerabilities (CVE)

CWE filter: CWE-20

415 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-15030 1 Linux 1 Linux Kernel 2019-09-16 3.6
In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware...
CVE-2019-16275 1 W1.fi 2 Hostapd, Wpa Supplicant 2019-09-16 3.3
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka...
CVE-2018-5252 2 Imageworsener Project, Entropymine 2 Imageworsener, Imageworsener 2019-09-16 2.6
libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function in imagew-main.c.
CVE-2019-10917 1 Siemens 4 Simatic Pcs 7, Simatic Wincc, Simatic Wincc (tia Portal) and 1 more 2019-09-13 2.1
A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier (All versions), SIMATIC PCS 7 V8.1 (All versions < V8.1 with WinCC V7.3 Upd 19), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1 with WinCC V7.4 SP1 Upd11), SIMATIC PCS 7 V9.0 (All...
CVE-2019-1294 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-09-13 2.1
A security feature bypass exists when Windows Secure Boot improperly restricts access to debugging functionality, aka 'Windows Secure Boot Security Feature Bypass Vulnerability'.
CVE-2019-16214 2019-09-11 3.5
Libra Core before 2019-09-03 has an erroneous regular expression for inline comments, which makes it easier for attackers to interfere with code auditing by using a nonstandard line-break character for a comment. For example, a Move module author...
CVE-2019-9453 1 Google 1 Android 2019-09-09 2.1
In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
CVE-2019-12588 1 Espressif 1 Arduino Esp8266 2019-09-09 3.3
The client 802.11 mac implementation in Espressif ESP8266_NONOS_SDK 2.2.0 through 3.1.0 does not validate correctly the RSN AuthKey suite list count in beacon frames, probe responses, and association responses, which allows attackers in radio...
CVE-2019-2180 1 Google 1 Android 2019-09-06 2.1
In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges...
CVE-2019-12586 1 Espressif 2 Arduino-esp32, Esp-idf 2019-09-05 3.3
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of...
CVE-2019-2389 1 Mongodb 1 Mongodb 2019-09-05 3.3
Incorrect scoping of kill operations in MongoDB Server's packaged SysV init scripts allows users with write access to the PID file to insert arbitrary PIDs to be killed when the root user stops the MongoDB process via SysV init. This issue...
CVE-2019-5478 1 Xilinx 2 Zynq Ultrascale+ Mpsoc Firmware, Zynq Ultrascale+ Rfsoc Firmware 2019-09-05 2.1
A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior.
CVE-2019-12626 1 Cisco 1 Unified Contact Center Express 2019-08-30 3.5
A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based...
CVE-2019-4049 2019-08-23 2.1
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.1, and 9.1.0.2 is vulnerable to a denial of service due to a local user being able to fill up the disk space of the underlying filesystem using the error logging service. IBM X-Force ID: 156398.
CVE-2019-1218 1 Microsoft 1 Outlook 2019-08-20 3.5
A spoofing vulnerability exists in the way Microsoft Outlook iOS software parses specifically crafted email messages, aka 'Outlook iOS Spoofing Vulnerability'.
CVE-2018-18358 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-08-17 2.9
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file.
CVE-2019-1959 2019-08-15 2.1
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these...
CVE-2019-1960 2019-08-15 2.1
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these...
CVE-2018-1283 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-08-15 3.5
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the...
CVE-2019-2636 1 Oracle 1 Mysql 2019-08-14 3.5
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Group Replication Plugin). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with...