Vulnerabilities (CVE)

122134 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-8936 5 Netapp, Ntp, Fedoraproject and 2 more 5 Data Ontap Operating In 7-mode, Ntp, Fedora and 2 more 2019-05-20 5.0
NTP through 4.2.8p12 has a NULL Pointer Dereference.
CVE-2019-12213 1 Freeimage Project 1 Freeimage 2019-05-20 4.3
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2018-20007 1 Yeelight 1 Smart Ai Speaker Firmware 2019-05-20 7.2
Yeelight Smart AI Speaker 3.3.10_0074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log...
CVE-2018-20839 1 Freedesktop 1 Systemd 2019-05-20 5.0
systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current...
CVE-2019-6781 1 Gitlab 1 Gitlab 2019-05-20 5.0
An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into...
CVE-2019-8352 2019-05-20 N/A
By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could...
CVE-2019-8339 2019-05-20 N/A
An issue was discovered in Sysdig through 0.24.2, as used in Falco through 0.14.0 and other products. A bypass allows local users to run malicious code without being detected because record_event_consumer in driver/main.c in sysdig-probe.ko (and...
CVE-2019-6787 1 Gitlab 1 Gitlab 2019-05-20 4.0
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. The GitLab API allowed project Maintainers and Owners to view the trigger tokens of other...
CVE-2019-12185 1 Elabftw 1 Elabftw 2019-05-20 9.0
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request....
CVE-2019-7353 1 Gitlab 1 Gitlab 2019-05-20 6.4
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 11.7.x before 11.7.4. GitLab Releases were vulnerable to an authorization issue that allowed users to view confidential issue and merge request titles of...
CVE-2019-1790 1 Cisco 1 Nx-os 2019-05-20 7.2
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker with valid administrator credentials to execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due...
CVE-2019-0921 1 Microsoft 1 Internet Explorer 2019-05-20 4.3
A spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explorer Spoofing Vulnerability'.
CVE-2019-6790 1 Gitlab 1 Gitlab 2019-05-20 4.0
An Incorrect Access Control (issue 2 of 3) issue was discovered in GitLab Community and Enterprise Edition 8.14 and later but before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. Guest users were able to view the list of a group's merge...
CVE-2019-1795 1 Cisco 1 Nx-os 2019-05-20 7.2
A vulnerability in the CLI of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with the privilege level of root. The vulnerability is...
CVE-2019-12163 1 Gatship 1 Web Module 2019-05-20 5.0
GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via {} in a ws/gatshipWs.asmx/SqlVersion request.
CVE-2019-1858 1 Cisco 1 Nx-os 2019-05-20 5.0
A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the SNMP application to leak system memory, which...
CVE-2019-0929 1 Microsoft 1 Internet Explorer 2019-05-20 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.
CVE-2019-0727 1 Microsoft 6 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 3 more 2019-05-20 7.2
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to...
CVE-2019-0938 1 Microsoft 1 Edge 2019-05-20 6.8
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.
CVE-2019-4293 2019-05-20 N/A
IBM Storwize V7000 Unified (2073) 1.6 configuration may allow an attacker to reveal the server version in default installation, which could be used in further attacks against the system. IBM X-Force ID: 160699.