Vulnerabilities (CVE)

Filter

123771 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-12280 2019-06-26 N/A
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
CVE-2019-3961 2019-06-26 N/A
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted...
CVE-2018-15710 1 Nagios 1 Nagios Xi 2019-06-26 7.2
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
CVE-2018-15708 1 Nagios 1 Nagios Xi 2019-06-26 7.5
Snoopy 1.0 in Nagios XI 5.5.6 allows remote unauthenticated attackers to execute arbitrary commands via a crafted HTTP request.
CVE-2019-9836 2019-06-25 N/A
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.
CVE-2019-12836 2019-06-25 6.8
The Bobronix JEditor editor before 3.0.6 for Jira allows an attacker to add a URL/Link (to an existing issue) that can cause forgery of a request to an out-of-origin domain. This in turn may allow for a forged request that can be invoked in the...
CVE-2019-4382 1 Ibm 1 Api Connect 2019-06-25 5.0
IBM API Connect 5.0.0.0 through 5.0.8.6 could allow an unauthorized user to obtain sensitive information about the system users using specially crafted HTTP requests. IBM X-Force ID: 162162.
CVE-2019-4377 1 Ibm 1 Sterling B2b Integrator 2019-06-25 4.0
IBM Sterling B2B Integrator 6.0.0.0 and 6.0.0.1 reveals sensitive information from a stack trace that could be used in further attacks against the system. IBM X-Force ID: 162803.
CVE-2018-2013 1 Ibm 1 Api Connect 2019-06-25 5.0
IBM API Connect 2018.1 through 2018.4.1.5 could disclose sensitive information to an unauthorized user that could aid in further attacks against the system. IBM X-Force ID: 155193.
CVE-2018-10828 1 Alps 1 Pointing-device Driver 2019-06-25 2.1
An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ApMsgFwd.exe allows the current user to map and write to the "ApMsgFwd File Mapping Object" section. ApMsgFwd.exe uses the data written to this section as arguments to...
CVE-2018-1858 1 Ibm 1 Api Connect 2019-06-25 6.8
IBM API Connect 5.0.0.0 through 5.0.8.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 151256.
CVE-2019-12817 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2019-06-25 6.9
arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of...
CVE-2019-6328 2019-06-25 N/A
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
CVE-2019-6329 2019-06-25 N/A
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.
CVE-2019-1625 1 Cisco 1 Sd-wan Firmware 2019-06-25 7.2
A vulnerability in the CLI of Cisco SD-WAN Solution could allow an authenticated, local attacker to elevate lower-level privileges to the root user on an affected device. The vulnerability is due to insufficient authorization enforcement. An...
CVE-2019-12949 1 Netgate 1 Pfsense 2019-06-25 4.3
In pfSense 2.4.4-p2 and 2.4.4-p3, if it is possible to trick an authenticated administrator into clicking on a button on a phishing page, an attacker can leverage XSS to upload arbitrary executable code, via diag_command.php and...
CVE-2019-12951 1 Cesanta 1 Mongoose 2019-06-25 7.5
An issue was discovered in Mongoose before 6.15. The parse_mqtt() function in mg_mqtt.c has a critical heap-based buffer overflow.
CVE-2019-12958 1 Glyphandcog 1 Xpdfreader 2019-06-25 4.3
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.
CVE-2019-12957 1 Glyphandcog 1 Xpdfreader 2019-06-25 6.8
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the...
CVE-2018-2011 2019-06-25 N/A
IBM API Connect 2018.1 through 2018.4.1.5 could allow an attacker to obtain sensitive information from a specially crafted HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 155150.