CVE-2018-20482 2 Gnu, Debian 2 Tar, Debian Linux 2019-04-18 1.9
GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be...
CVE-2018-20200 2019-04-18 N/A
in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application.
CVE-2018-18435 1 Kioware 1 Kioware Server 2019-04-18 7.2
KioWare Server version 4.9.6 and older installs by default to "C:\kioware_com" with weak folder permissions granting any user full permission "Everyone: (F)" to the contents of the directory and its sub-folders. In addition, the program installs...
CVE-2018-12173 2019-04-18 7.2
Insufficient access protection in firmware in Intel Server Board, Intel Server System and Intel Compute Module before firmware version 00.01.0014 may allow an unauthenticated attacker to potentially execute arbitrary code resulting in information...
CVE-2018-12155 1 Intel 1 Integrated Performance Primitives 2019-04-18 2.1
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2017-5695 1 Intel 7 Ssd Pro 5400s M.2 Firmware, Ssd E 5400s M.2 Firmware, Ssd 540s 2.5" Firmware and 4 more 2019-04-18 2.1
Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P,...
CVE-2019-1712 1 Cisco 1 Ios Xr 2019-04-18 5.0
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device....
CVE-2019-3462 3 Debian, Netapp, Canonical 5 Apt, Active Iq, Element Software and 2 more 2019-04-18 9.3
Incorrect sanitization of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
CVE-2019-0163 2019-04-18 4.6
Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access.
CVE-2019-1710 2019-04-18 7.5
A vulnerability in the sysadmin virtual machine (VM) on Cisco ASR 9000 Series Aggregation Services Routers running Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to access internal applications running on the...
CVE-2019-1686 1 Cisco 1 Ios Xr 2019-04-18 5.0
A vulnerability in the TCP flags inspection feature for access control lists (ACLs) on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an...
CVE-2019-1654 2019-04-18 7.2
A vulnerability in the development shell (devshell) authentication for Cisco Aironet Series Access Points (APs) running the Cisco AP-COS operating system could allow an authenticated, local attacker to access the development shell without proper...
CVE-2019-9005 2019-04-18 N/A
The Cprime Power Scripts app before 4.0.14 for Atlassian Jira allows Directory Traversal.
CVE-2019-3885 2019-04-18 N/A
A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information being leaked via the system logs.
CVE-2019-3398 2019-04-18 N/A
Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has...
CVE-2019-11223 2019-04-18 N/A
An Unrestricted File Upload Vulnerability in the SupportCandy plugin through 2.0.0 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
CVE-2019-11191 1 Linux 1 Linux Kernel 2019-04-18 4.7
The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT is enabled and ia32_aout is loaded, allows local users to bypass ASLR on setuid a.out programs (if any exist) because install_exec_creds() is called too late in load_aout_binary() in...
CVE-2019-11017 2019-04-18 N/A
On D-Link DI-524 V2.06RU devices, multiple Stored and Reflected XSS vulnerabilities were found in the Web Configuration: /spap.htm, /smap.htm, and /cgi-bin/smap, as demonstrated by the cgi-bin/smap RC parameter.
CVE-2018-17289 2019-04-18 N/A
An XML external entity (XXE) vulnerability in Kofax Front Office Server Administration Console version allows remote authenticated users to read arbitrary files via crafted XML inside an imported package configuration (.ZIP file)...
CVE-2018-17288 2019-04-18 N/A
Kofax Front Office Server version (both Thin Client and Administration Console) suffers from multiple authenticated stored XSS vulnerabilities via the (1) "Filename" field in /Kofax/KFS/ThinClient/document/upload/ - (Thin Client)...