Vulnerabilities (CVE)

6629 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1318 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2019-10-11 4.3
A spoofing vulnerability exists when Transport Layer Security (TLS) accesses non-Extended Master Secret (EMS) sessions, aka 'Microsoft Windows Transport Layer Security Spoofing Vulnerability'.
CVE-2019-5418 3 Rubyonrails, Debian, Redhat 3 Rails, Debian Linux, Cloudforms 2019-10-11 5.0
There is a File Content Disclosure vulnerability in Action View <, <, <, < and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
CVE-2019-15021 1 Zingbox 1 Inspector 2019-10-11 5.0
A security vulnerability exists in the Zingbox Inspector versions 1.294 and earlier, that can allow an attacker to easily identify instances of Zingbox Inspectors in a local area network.
CVE-2019-1363 1 Microsoft 2 Windows 7, Windows Server 2008 2019-10-11 2.1
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure...
CVE-2019-1361 1 Microsoft 2 Windows 7, Windows Server 2008 2019-10-11 4.3
An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'.
CVE-2019-1345 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2019-10-11 2.1
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334.
CVE-2019-1369 1 Microsoft 1 Open Enclave Software Development Kit 2019-10-11 5.0
An information disclosure vulnerability exists when affected Open Enclave SDK versions improperly handle objects in memory, aka 'Open Enclave SDK Information Disclosure Vulnerability'.
CVE-2019-17110 1 Kubernetes 1 Kube-state-metrics 2019-10-10 5.0
A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0 and v1.7.1 that enabled annotations to be exposed as metrics. By default, kube-state-metrics metrics only expose metadata about...
CVE-2019-15902 4 Linux, Netapp, Debian and 1 more 6 Linux Kernel, Active Iq Performance Analytics Services, Service Processor and 3 more 2019-10-10 4.7
A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream "x86/ptrace: Fix possible...
CVE-2019-3868 1 Redhat 1 Keycloak 2019-10-10 5.5
Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user's browser session.
CVE-2019-5513 1 Vmware 1 Horizon 2019-10-10 5.0
VMware Horizon Connection Server (7.x before 7.8, 7.5.x before 7.5.2, 6.x before 6.2.8) contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server's...
CVE-2019-3797 2019-10-10 5.0
This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates 'startingWith', 'endingWith' or 'containing' could return more results than anticipated when a maliciously crafted...
CVE-2019-13466 2019-10-10 5.0
Western Digital SSD Dashboard before and SanDisk SSD Dashboard before have Incorrect Access Control. The "generate reports" archive is protected with a hard-coded password. An application update that addresses the protection of...
CVE-2019-0356 1 Sap 1 Netweaver Process Integration 2019-10-10 4.0
Under certain conditions SAP NetWeaver Process Integration Runtime Workbench - MESSAGING and SAP_XIAF (before versions 7.31, 7.40, 7.50) allows an attacker to access information which would otherwise be restricted.
CVE-2006-4595 1 Muforum 1 Muforum 2019-10-10 5.0
muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes.
CVE-2005-2036 1 Cool Cafe Chat 1 Cool Cafe Chat 2019-10-10 7.5
modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value.
CVE-2019-9753 1 Otrs 1 Otrs 2019-10-09 4.0
An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is...
CVE-2019-8986 1 Tibco 1 Jasperreports Server 2019-10-09 4.0
The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host...
CVE-2019-8283 2019-10-09 4.3
Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have 'HttpOnly' flag. This allows malicious javascript to steal it.
CVE-2019-7393 1 Ca 2 Risk Authentication, Strong Authentication 2019-10-09 4.0
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain...