| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2018-20783 |
1 Php |
1 Php |
2019-02-21 |
5.0 |
| In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar... |
| CVE-2019-1003004 |
1 Jenkins |
1 Jenkins |
2019-02-21 |
6.5 |
| An improper authorization vulnerability exists in Jenkins 2.158 and earlier, LTS 2.150.1 and earlier in core/src/main/java/hudson/security/AuthenticationProcessingFilter2.java that allows attackers to extend the duration of active HTTP sessions... |
| CVE-2019-8950 |
1 Dasannetworks |
1 H665 Firmware |
2019-02-21 |
10.0 |
| The backdoor account dnsekakf2$$ in /bin/login on DASAN H665 devices with firmware 1.46p1-0028 allows an attacker to login to the admin account via TELNET. |
| CVE-2019-8982 |
1 Wavemaker |
1 Wavemarker Studio |
2019-02-21 |
6.8 |
| com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF. |
| CVE-2019-8308 |
2 Debian, Redhat |
7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more |
2019-02-21 |
4.4 |
| Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. |
| CVE-2018-3989 |
1 Wibu |
1 Wibukey |
2019-02-21 |
2.1 |
| An exploitable kernel memory disclosure vulnerability exists in the 0x8200E804 IOCTL handler functionality of WIBU-SYSTEMS WibuKey.sys Version 6.40 (Build 2400).A specially crafted IRP request can cause the driver to return uninitialized memory,... |
| CVE-2019-0257 |
1 Sap |
1 Netweaver Abap |
2019-02-21 |
6.5 |
| Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user,... |
| CVE-2019-6242 |
1 Kentico |
1 Kentico |
2019-02-21 |
4.0 |
| ** DISPUTED ** Kentico v10.0.42 allows Global Administrators to read the cleartext SMTP Password by navigating to the SMTP configuration page. NOTE: the vendor considers this a best-practice violation but not a vulnerability. The vendor plans to... |
| CVE-2019-8985 |
|
|
2019-02-21 |
N/A |
| On Netis WF2880 and WF2411 2.1.36123 devices, there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET... |
| CVE-2019-1664 |
|
|
2019-02-21 |
N/A |
| A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could... |
| CVE-2019-8337 |
1 Marlam |
1 Msmtp |
2019-02-21 |
5.0 |
| In msmtp 1.8.2, when tls_trust_file has its default configuration, certificate-verification results are not properly checked. |
| CVE-2018-19858 |
1 Princexml |
1 Princexml |
2019-02-21 |
5.0 |
| PrinceXML, versions 10 and below, is vulnerable to XXE due to the lack of protection against external entities. If an attacker passes HTML referencing an XML file (e.g., in an IFRAME element), PrinceXML will fetch the XML and parse it, thus... |
| CVE-2018-5817 |
1 Libraw |
1 Libraw |
2019-02-21 |
5.0 |
| A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop. |
| CVE-2018-5818 |
1 Libraw |
1 Libraw |
2019-02-21 |
5.0 |
| An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop. |
| CVE-2018-1944 |
|
|
2019-02-21 |
7.5 |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external... |
| CVE-2018-15460 |
1 Cisco |
1 Email Security Appliances Firmware |
2019-02-21 |
7.8 |
| A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial... |
| CVE-2018-1945 |
|
|
2019-02-21 |
5.8 |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could... |
| CVE-2019-5916 |
1 D-circle |
1 Power Egg |
2019-02-21 |
7.5 |
| Input validation issue in POWER EGG(Ver 2.0.1, Ver 2.02 Patch 3 and earlier, Ver 2.1 Patch 4 and earlier, Ver 2.2 Patch 7 and earlier, Ver 2.3 Patch 9 and earlier, Ver 2.4 Patch 13 and earlier, Ver 2.5 Patch 12 and earlier, Ver 2.6 Patch 8 and... |
| CVE-2018-1946 |
|
|
2019-02-21 |
5.0 |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption... |
| CVE-2018-1947 |
|
|
2019-02-21 |
4.3 |
| IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
