Vulnerabilities (CVE)

118910 total CVE
CVE Vendors Products Updated CVSS
CVE-2016-3501 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-02-21 4.0
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVE-2016-3486 2 Oracle, Canonical 2 Mysql, Ubuntu Linux 2019-02-21 6.8
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.
CVE-2016-3477 5 Mariadb, Ibm, Oracle and 2 more 6 Linux, Mariadb, Mysql and 3 more 2019-02-21 4.1
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and...
CVE-2018-18602 1 Guardzilla 6 180 Indoor Firmware, 180 Outdoor Firmware, 360 Indoor Firmware and 3 more 2019-02-21 5.0
The Cloud API on Guardzilla smart cameras allows user enumeration, with resultant arbitrary camera access and monitoring.
CVE-2016-3471 2 Oracle, Redhat 2 Enterprise Linux, Mysql 2019-02-21 7.1
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.
CVE-2016-3459 2 Mariadb, Oracle 2 Mariadb, Mysql 2019-02-21 4.0
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.
CVE-2016-3452 4 Mariadb, Ibm, Oracle and 1 more 5 Linux, Mariadb, Enterprise Linux and 2 more 2019-02-21 4.3
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors...
CVE-2013-5654 1 Yingzhipython Project 1 Yingzhipython 2019-02-21 9.4
Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage.
CVE-2018-1296 1 Apache 1 Hadoop 2019-02-21 5.0
In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission...
CVE-2019-3464 2 Pizzashack, Debian 2 Rssh, Debian Linux 2019-02-21 7.5
Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.
CVE-2018-1000814 1 Aiohttp Project 1 Aiohttp 2019-02-21 4.0
aio-libs aiohttp-session version 2.6.0 and earlier contains an Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan. This attack appears to be exploitable via...
CVE-2018-20587 2019-02-21 2.1
Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. Local users can exploit this to steal currency by binding the RPC IPv4 localhost port, and forwarding requests...
CVE-2018-1340 1 Apache 1 Guacamole 2019-02-21 5.0
Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if...
CVE-2018-9867 2019-02-21 2.1
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability...
CVE-2019-6975 2 Djangoproject, Canonical 2 Django, Ubuntu Linux 2019-02-21 5.0
Django 1.11.x before 1.11.19, 2.0.x before 2.0.11, and 2.1.x before 2.1.6 allows Uncontrolled Memory Consumption via a malicious attacker-supplied value to the django.utils.numberformat.format() function.
CVE-2019-7653 1 Rdflib Project 1 Rdflib 2019-02-21 7.5
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This...
CVE-2018-20030 1 Libexif Project 1 Libexif 2019-02-21 7.8
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
CVE-2018-12549 1 Eclipse 1 Openj9 2019-02-21 7.5
In Eclipse OpenJ9 version 0.11.0, the OpenJ9 JIT compiler may incorrectly omit a null check on the receiver object of an Unsafe call when accelerating it.
CVE-2019-8389 1 Ascellamobile 1 Musicloud 2019-02-21 4.8
A file-read vulnerability was identified in the Wi-Fi transfer feature of Musicloud 1.6. By default, the application runs a transfer service on port 8080, accessible by everyone on the same Wi-Fi network. An attacker can send the POST parameters...
CVE-2019-3474 1 Microfocus 1 Filr 2019-02-21 4.0
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of...