Vulnerabilities (CVE)

123412 total CVE
CVE | Vendors | Products | Updated | CVSS
CVE-2019-1069 | 1: Microsoft | 3: Windows 10, Windows Server 2016, Windows Server 2019 | 2019-06-14 | 7.2
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler Elevation of Privilege Vulnerability'.
CVE-2019-0305 | 1: Sap | 1: Netweaver Process Integration | 2019-06-14 | 4.3
Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another...
CVE-2019-5286 | - | - | 2019-06-14 | 4.3
There is a reflection XSS vulnerability in the HedEx products. Remote attackers send malicious links to users and trick users into clicking them. Successful exploitation could allow the attacker to initiate XSS attacks. Affects HedEx Lite versions earlier...
CVE-2019-0304 | 1: Sap | 5: Advanced Business Application Programming Platform Kernel, Advanced Business Application Programming Platform Krnl32nuc, Advanced Business Application Programming Platform Krnl32uc and 2 more | 2019-06-14 | 7.5
FTP Function of SAP NetWeaver AS ABAP Platform, versions: KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21,...
CVE-2019-0130 | - | - | 2019-06-14 | 4.3
Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2019-0312 | 1: Sap | 1: Netweaver Process Integration | 2019-06-14 | 5.0
Several web pages provided by SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 and SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50) are not password protected. An attacker could access landscape...
CVE-2019-3873 | 1: Redhat | 2: Jboss Enterprise Application Platform, Single Sign-on | 2019-06-14 | 6.0
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve cross-site scripting or possibly conduct...
CVE-2019-3875 | 1: Redhat | 2: Keycloak, Single Sign-on | 2019-06-14 | 5.8
A vulnerability was found in keycloak before 6.0.2. The X.509 authenticator supports the verification of client certificates through the CRL, where the CRL list can be obtained from the URL provided in the certificate itself (CDP) or through the...
CVE-2015-2165 | 1: Ericsson | 1: Drutt Mobile Service Delivery Platform | 2019-06-14 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) portal, (2) fromDate,...
CVE-2015-2101 | 1: Impliedbydesign | 1: Navigate | 2019-06-14 | 4.3
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2019-5245 | 1: Huawei | 1: Hisuite | 2019-06-14 | 4.6
HiSuite versions 9.1.0.300 and earlier contain a DLL hijacking vulnerability. This vulnerability exists because some DLL file is loaded by HiSuite improperly, and it allows an attacker to load this DLL file of the attacker's choosing that could...
CVE-2019-0315 | 1: Sap | 1: Netweaver Process Integration | 2019-06-14 | 5.0
Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, SAP_XITOOL: 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50 and SAP_XIPCK 7.10 to 7.11, 7.20,...
CVE-2010-5330 | - | - | 2019-06-14 | 5.0
On certain Ubiquiti devices, Command Injection exists via a GET request to stainfo.cgi (aka Show AP info) because the ifname variable is not sanitized, as demonstrated by shell metacharacters. The fixed version is v4.0.1 for 802.11 ISP products,...
CVE-2019-10155 | 4: Libreswan, Openswan, Strongswan and 1 more | 4: Libreswan, Openswan, Strongswan and 1 more | 2019-06-14 | 3.5
The Libreswan Project has found a vulnerability in the processing of IKEv1 informational exchange packets which are encrypted and integrity protected using the established IKE SA encryption and integrity keys, but as a receiver, the integrity...
CVE-2019-7840 | 1: Adobe | 1: Coldfusion | 2019-06-14 | 10.0
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7839 | 1: Adobe | 1: Coldfusion | 2019-06-14 | 10.0
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-0306 | 1: Sap | 1: Hana Extended Application Services | 2019-06-14 | 4.0
SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names.
CVE-2019-0311 | 1: Sap | 1: R/3 Enterprise | 2019-06-14 | 4.3
Automotive Dealer Portal in SAP R/3 Enterprise Application (versions: 600, 602, 603, 604, 605, 606, 616, 617) does not sufficiently encode user-controlled inputs; this makes it possible for an attacker to send unwanted scripts to the browser of...
CVE-2019-1053 | 1: Microsoft | 8: Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-06-14 | 7.2
An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts, aka 'Windows Shell Elevation of Privilege Vulnerability'.
CVE-2019-1064 | 1: Microsoft | 3: Windows 10, Windows Server 2016, Windows Server 2019 | 2019-06-14 | 7.2
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'.