Vulnerabilities (CVE)

CWE filter

CWE-254

Filter

804 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-18602 1 Guardzilla 6 180 Indoor Firmware, 180 Outdoor Firmware, 360 Indoor Firmware and 3 more 2019-02-21 5.0
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.
CVE-2016-2047 7 Mariadb, Oracle, Novell and 4 more 8 Leap, Mariadb, Enterprise Linux and 5 more 2019-02-21 4.3
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly...
CVE-2019-5768 3 Google, Debian, Redhat 5 Chrome, Debian Linux, Enterprise Linux Desktop and 2 more 2019-02-20 4.3
DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension.
CVE-2018-14992 1 Asus 1 Zenfone 3 Max Firmware 2019-02-19 2.1
The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a package name of com.asus.dm...
CVE-2018-15437 1 Cisco 2 Advanced Malware Protection For Endpoints, Immunet For Endpoints 2019-02-15 2.1
A vulnerability in the system scanning component of Cisco Immunet and Cisco Advanced Malware Protection (AMP) for Endpoints running on Microsoft Windows could allow a local attacker to disable the scanning functionality of the product. This could...
CVE-2018-18698 1 Mi 1 Xiaomi Mi-a1 Firmware 2019-02-14 5.0
An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot.
CVE-2018-18537 1 Asus 1 Aura Sync Firmware 2019-02-14 2.1
The GLCKIo low-level driver in ASUS Aura Sync v1.07.22 and earlier exposes a path to write an arbitrary DWORD to an arbitrary address.
CVE-2018-8039 2 Apache, Redhat 2 Cxf, Jboss Enterprise Application Platform 2019-02-14 6.8
It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");'. When this system property is set, CXF uses some reflection to try...
CVE-2018-5741 1 Isc 1 Bind 2019-02-13 4.0
To provide fine-grained controls over the ability to use Dynamic DNS (DDNS) to update records in a zone, BIND 9 provides a feature called update-policy. Various rules can be configured to limit the types of updates that can be performed by a...
CVE-2019-0007 1 Juniper 1 Junos 2019-02-13 7.5
The vMX Series software uses a predictable IP ID Sequence Number. This leaves the system as well as clients connecting through the device susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base...
CVE-2019-1003002 1 Jenkins 1 Pipeline%3a Declarative 2019-02-13 6.5
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read...
CVE-2019-1003001 1 Jenkins 1 Pipeline%3a Groovy 2019-02-13 6.5
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.61 and earlier in src/main/java/org/jenkinsci/plugins/workflow/cps/CpsFlowDefinition.java, src/main/java/org/jenkinsci/plugins/workflow/cps/CpsGroovyShellFactory.java that allows...
CVE-2018-16487 2019-02-08 7.5
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
CVE-2015-3729 1 Apple 2 Iphone Os, Safari 2019-02-08 4.3
Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.
CVE-2018-18506 2 Mozilla, Canonical 2 Firefox, Ubuntu Linux 2019-02-08 4.3
When proxy auto-detection is enabled, if a web server serves a Proxy Auto-Configuration (PAC) file or if a PAC file is loaded locally, this PAC file can specify that requests to the localhost are to be sent through the proxy to another server....
CVE-2015-3751 1 Apple 2 Iphone Os, Safari 2019-02-07 5.0
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction...
CVE-2015-3755 1 Apple 2 Iphone Os, Safari 2019-02-07 4.3
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL.
CVE-2015-3750 1 Apple 2 Iphone Os, Safari 2019-02-07 6.4
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mechanism for Content Security Policy (CSP) report...
CVE-2019-1003000 1 Jenkins 1 Script Security 2019-02-07 6.5
A sandbox bypass vulnerability exists in Script Security Plugin 2.49 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/GroovySandbox.java that allows attackers with the ability to provide sandboxed scripts to...
CVE-2018-7080 1 Arubanetworks 4 203r Firmware, 203rp Firmware, Ap-300 Series Access Points Firmware and 1 more 2019-02-07 5.4
A vulnerability exists in the firmware of embedded BLE radios that are part of some Aruba Access points. An attacker who is able to exploit the vulnerability could install new, potentially malicious firmware into the AP's BLE radio and could then...