Vulnerabilities (CVE)

118910 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-3475 1 Microfocus 1 Filr 2019-02-21 7.2
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-3924 1 Mikrotik 1 Routeros 2019-02-21 5.0
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this...
CVE-2019-1659 2019-02-21 N/A
A vulnerability in the Identity Services Engine (ISE) integration feature of Cisco Prime Infrastructure (PI) could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the Secure Sockets Layer (SSL) tunnel...
CVE-2013-7469 1 Seafile 1 Seafile 2019-02-21 5.0
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2016-2788 2 Puppetlabs, Puppet 3 Puppet, Marionette-collective, Puppet 2019-02-21 7.5
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
CVE-2018-20146 2019-02-21 7.2
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
CVE-2018-20025 2019-02-21 5.0
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
CVE-2016-2105 8 Openssl, Apple, Oracle and 5 more 16 Leap, Openssl, Enterprise Linux Desktop and 13 more 2019-02-21 5.0
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2019-6535 1 Mitsubishielectric 18 Q03udecpu Firmware, Q03udvcpu Firmware, Q04udehcpu Firmware and 15 more 2019-02-21 5.0
Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific...
CVE-2016-2047 7 Mariadb, Oracle, Novell and 4 more 8 Leap, Mariadb, Enterprise Linux and 5 more 2019-02-21 4.3
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly...
CVE-2019-1003009 1 Jenkins 1 Active Directory 2019-02-21 5.8
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java,...
CVE-2019-7722 1 Pmd Project 1 Pmd 2019-02-21 6.8
PMD 5.8.1 and earlier processes XML external entities in ruleset files it parses as part of the analysis process, allowing attackers tampering it (either by direct modification or MITM attacks when using remote rulesets) to perform information...
CVE-2018-20164 2019-02-21 5.0
An issue was discovered in regex.yaml (aka regexes.yaml) in UA-Parser UAP-Core before 0.6.0. A Regular Expression Denial of Service (ReDoS) issue allows remote attackers to overload a server by setting the User-Agent header in an HTTP(S) request...
CVE-2019-8954 1 Indexhibit 1 Indexhibit 2019-02-21 6.5
In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI.
CVE-2019-8979 2 Kohanaframework, Koseven 2 Kohana, Koseven 2019-02-21 7.5
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.
CVE-2019-8980 1 Linux 1 Linux Kernel 2019-02-21 7.8
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2018-15517 1 D-link 1 Central Wifimanager 2019-02-21 5.0
The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, leading to SSRF, as demonstrated by an...
CVE-2018-6687 2019-02-21 N/A
Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file. GetSusp is a free standalone McAfee tool that...
CVE-2018-20122 2019-02-21 N/A
The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote...
CVE-2019-8948 1 Papercut 2 Papercut Mf, Papercut Ng 2019-02-21 7.5
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163.