Vulnerabilities (CVE)

Filter

118910 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-20783 1 Php 1 Php 2019-02-21 5.0
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar...
CVE-2019-1003004 1 Jenkins 1 Jenkins 2019-02-21 6.5
An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions...
CVE-2019-8950 1 Dasannetworks 1 H665 Firmware 2019-02-21 10.0
The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET.
CVE-2019-8982 1 Wavemaker 1 Wavemarker Studio 2019-02-21 6.8
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
CVE-2019-8308 2 Debian, Redhat 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2019-02-21 4.4
Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.
CVE-2018-3989 1 Wibu 1 Wibukey 2019-02-21 2.1
An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory,...
CVE-2019-0257 1 Sap 1 Netweaver Abap 2019-02-21 6.5
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user,...
CVE-2019-6242 1 Kentico 1 Kentico 2019-02-21 4.0
** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to...
CVE-2019-8985 2019-02-21 N/A
On Netis WF2880 and WF2411 2.1.36123 devices, there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET...
CVE-2019-1664 2019-02-21 N/A
A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could...
CVE-2019-8337 1 Marlam 1 Msmtp 2019-02-21 5.0
In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked.
CVE-2018-19858 1 Princexml 1 Princexml 2019-02-21 5.0
PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus...
CVE-2018-5817 1 Libraw 1 Libraw 2019-02-21 5.0
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
CVE-2018-5818 1 Libraw 1 Libraw 2019-02-21 5.0
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
CVE-2018-1944 2019-02-21 7.5
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external...
CVE-2018-15460 1 Cisco 1 Email Security Appliances Firmware 2019-02-21 7.8
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial...
CVE-2018-1945 2019-02-21 5.8
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could...
CVE-2019-5916 1 D-circle 1 Power Egg 2019-02-21 7.5
Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and...
CVE-2018-1946 2019-02-21 5.0
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption...
CVE-2018-1947 2019-02-21 4.3
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...