Vulnerabilities (CVE)

CWE filter

CWE-20

7461 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1910 1 Cisco 2 Carrier Routing System, Ios Xr 2019-08-16 6.1
A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an unauthenticated attacker who is in the same IS–IS area...
CVE-2019-14474 1 Eq-3 1 Ccu3 Firmware 2019-08-16 5.0
eQ-3 Homematic CCU3 3.47.15 and prior has Improper Input Validation in function 'Call()' of ReGa core logic process, resulting in the ability to start a Denial of Service. Due to Improper Authorization an attacker can obtain a session ID from...
CVE-2019-1955 1 Cisco 1 Email Security Appliance Firmware 2019-08-15 5.0
A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The...
CVE-2019-9848 3 Libreoffice, Canonical, Fedoraproject 3 Libreoffice, Ubuntu Linux, Fedora 2019-08-15 7.5
LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics...
CVE-2019-11728 1 Mozilla 1 Firefox 2019-08-15 4.3
The HTTP Alternative Services header, Alt-Svc, can be used by a malicious site to scan all TCP ports of any host that is accessible to a user when web content is loaded. This vulnerability affects Firefox < 68.
CVE-2019-11725 1 Mozilla 1 Firefox 2019-08-15 4.0
When a user navigates to a site marked as unsafe by the Safebrowsing API, warning messages are displayed and navigation is interrupted but resources from the same site loaded through websockets are not blocked, leading to the loading of unsafe...
CVE-2019-11721 1 Mozilla 1 Firefox 2019-08-15 4.3
The Unicode Latin 'kra' character can be used to spoof a standard 'k' character in the address bar. This allows for domain spoofing attacks as it is not displayed as punycode text, allowing for user confusion. This vulnerability affects Firefox < 68.
CVE-2019-11716 1 Mozilla 1 Firefox 2019-08-15 7.5
Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating and freezing access to the...
CVE-2019-11714 1 Mozilla 1 Firefox 2019-08-15 7.5
Necko can access a child on the wrong thread during UDP connections, resulting in a potentially exploitable crash in some instances. This vulnerability affects Firefox < 68.
CVE-2019-11708 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2019-08-15 10.0
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional...
CVE-2019-11038 1 Php 1 Php 2019-08-15 5.0
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will...
CVE-2019-1959 2019-08-15 2.1
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these...
CVE-2019-1960 2019-08-15 2.1
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to read arbitrary files on the underlying operating system (OS) of an affected device. For more information about these...
CVE-2019-1945 1 Cisco 1 Adaptive Security Appliance Software 2019-08-15 4.6
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being...
CVE-2019-1951 1 Cisco 1 Sd-wan Firmware 2019-08-15 5.0
A vulnerability in the packet filtering features of Cisco SD-WAN Solution could allow an unauthenticated, remote attacker to bypass L3 and L4 traffic filters. The vulnerability is due to improper traffic filtering conditions on an affected...
CVE-2018-19855 1 Uipath 1 Orchestrator 2019-08-15 4.3
UiPath Orchestrator before 2018.3.4 allows CSV Injection, related to the Audit export, Robot log export, and Transaction log export features.
CVE-2018-1283 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-08-15 3.5
In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a "Session" header. This comes from the...
CVE-2017-9788 6 Apache, Netapp, Oracle and 3 more 16 Httpd, Http Server, Oncommand Unified Manager and 13 more 2019-08-15 6.4
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an...
CVE-2017-15715 5 Apache, Debian, Netapp and 2 more 8 Http Server, Debian Linux, Santricity Cloud Connector and 5 more 2019-08-15 6.8
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of...
CVE-2014-0117 2 Apache, Apple 2 Mac Os X, Http Server 2019-08-15 4.3
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.