| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2019-1666 |
1 Cisco |
1 Hyperflex Hx Data Platform |
2019-02-21 |
5.0 |
| A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could... |
| CVE-2018-10612 |
|
|
2019-02-21 |
10.0 |
| In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive... |
| CVE-2019-7390 |
1 Dlink |
1 Dir-823g Firmware |
2019-02-21 |
5.0 |
| An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via... |
| CVE-2016-3159 |
4 Xen, Fedoraproject, Oracle and 1 more |
4 Vm Server, Xen, Fedora and 1 more |
2019-02-21 |
1.7 |
| The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another... |
| CVE-2013-5654 |
1 Yingzhipython Project |
1 Yingzhipython |
2019-02-21 |
9.4 |
| Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage |
| CVE-2018-20587 |
|
|
2019-02-21 |
2.1 |
| Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests... |
| CVE-2018-9867 |
|
|
2019-02-21 |
2.1 |
| In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability... |
| CVE-2019-3475 |
1 Microfocus |
1 Filr |
2019-02-21 |
7.2 |
| A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6. |
| CVE-2016-2788 |
2 Puppetlabs, Puppet |
3 Puppet, Marionette-collective, Puppet |
2019-02-21 |
7.5 |
| MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. |
| CVE-2018-20146 |
|
|
2019-02-21 |
7.2 |
| An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell. |
| CVE-2019-6260 |
1 Aspeedtech |
2 Ast2400 Firmware, Ast2500 Firmware |
2019-02-20 |
7.5 |
| The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or... |
| CVE-2019-0266 |
1 Sap |
1 Hana Extended Application Services |
2019-02-20 |
5.0 |
| Under certain conditions SAP HANA Extended Application Services, version 1.0, advanced model (XS advanced) writes credentials of platform users to a trace file of the SAP HANA system. Even though this trace file is protected from unauthorized... |
| CVE-2019-1003006 |
1 Jenkins |
1 Groovy |
2019-02-19 |
6.5 |
| A sandbox bypass vulnerability exists in Jenkins Groovy Plugin 2.0 and earlier in src/main/java/hudson/plugins/groovy/StringScriptSource.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that... |
| CVE-2018-15395 |
1 Cisco |
1 Wireless Lan Controller Software |
2019-02-19 |
2.7 |
| A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal... |
| CVE-2019-8392 |
1 Dlink |
1 Dir-823g Firmware |
2019-02-19 |
5.0 |
| An issue was discovered on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to enable Guest Wi-Fi via the SetWLanRadioSettings HNAP API to the web service provided by /bin/goahead. |
| CVE-2019-6703 |
1 Calmar-webmedia |
1 Total Donations |
2019-02-19 |
7.5 |
| Incorrect access control in migla_ajax_functions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers... |
| CVE-2019-7399 |
|
|
2019-02-19 |
5.8 |
| Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. |
| CVE-2018-20685 |
1 Openbsd |
1 Openssh |
2019-02-16 |
2.6 |
| In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side. |
| CVE-2019-1000011 |
1 Api-platform |
1 Core |
2019-02-15 |
5.5 |
| API Platform version from 2.2.0 to 2.3.5 contains an Incorrect Access Control vulnerability in GraphQL delete mutations that can result in a user authorized to delete a resource can delete any resource. This attack appears to be exploitable via... |
| CVE-2019-2421 |
1 Oracle |
1 Peoplesoft Enterprise Human Capital Management Eprofile Manager Desktop |
2019-02-15 |
5.8 |
| Vulnerability in the PeopleSoft Enterprise HCM eProfile Manager Desktop component of Oracle PeopleSoft Products (subcomponent: Guided Self Service). The supported version that is affected is 9.2. Easily exploitable vulnerability allows... |
