Vulnerabilities (CVE)

Filter

118910 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-1948 2019-02-21 4.3
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a...
CVE-2018-1949 2019-02-21 4.0
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 153429.
CVE-2018-1950 2019-02-21 4.0
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against...
CVE-2018-4012 1 Webroot 1 Brightcloud 2019-02-21 9.3
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated...
CVE-2018-20753 1 Kaseya 1 Virtual System Administrator 2019-02-21 7.5
Kaseya VSA RMM before R9.3 9.3.0.35, R9.4 before 9.4.0.36, and R9.5 before 9.5.0.5 allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. In January 2018, attackers actively exploited this vulnerability in the wild.
CVE-2019-8983 2019-02-21 4.3
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).
CVE-2019-8984 2019-02-21 4.3
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).
CVE-2018-20371 1 Photorange Photo Vault Project 1 Photorange Photo Vault 2019-02-21 5.0
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers to bypass intended GET restrictions via a brute-force approach, as demonstrated by "GET /login.html__passwd1" and "GET...
CVE-2019-7390 1 Dlink 1 Dir-823g Firmware 2019-02-21 5.0
An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via...
CVE-2018-19007 2019-02-21 10.0
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.
CVE-2019-8317 1 Dlink 1 Dir-878 Firmware 2019-02-21 9.0
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute...
CVE-2016-3159 4 Xen, Fedoraproject, Oracle and 1 more 4 Vm Server, Xen, Fedora and 1 more 2019-02-21 1.7
The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another...
CVE-2018-5819 1 Libraw 1 Libraw 2019-02-21 7.8
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
CVE-2016-3492 2 Mariadb, Oracle 2 Mariadb, Mysql 2019-02-21 6.8
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-3615 5 Mariadb, Ibm, Oracle and 2 more 6 Linux, Mariadb, Mysql and 3 more 2019-02-21 4.3
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via...
CVE-2016-3614 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-02-21 3.5
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.
CVE-2018-16190 1 Micco 4 Lhmelting, Lmlzh32.dll, Unarj32.dll and 1 more 2019-02-21 6.8
Untrusted search path vulnerability in UNARJ32.DLL for Win32, LHMelting for Win32, and LMLzh32.DLL (UNARJ32.DLL for Win32 Ver 1.10.1.25 and earlier, LHMelting for Win32 Ver 1.65.3.6 and earlier, LMLzh32.DLL Ver 2.67.1.2 and earlier) allows an...
CVE-2016-3521 5 Mariadb, Ibm, Oracle and 2 more 6 Linux, Mariadb, Mysql and 3 more 2019-02-21 6.8
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via...
CVE-2019-1662 2019-02-21 N/A
A vulnerability in the Quality of Voice Reporting (QOVR) service of Cisco Prime Collaboration Assurance (PCA) Software could allow an unauthenticated, remote attacker to access the system as a valid user. The vulnerability is due to insufficient...
CVE-2018-2006 2019-02-21 N/A
IBM Robotic Process Automation with Automation Anywhere 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to upload arbitrary files...