Total
228 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0274 | 1 Linux | 1 Linux Kernel | 2024-02-15 | 7.2 HIGH | N/A |
The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access. | |||||
CVE-2019-0089 | 1 Intel | 1 Server Platform Services | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2019-0980 | 1 Microsoft | 10 .net Core, .net Framework, Windows 10 and 7 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981. | |||||
CVE-2019-5675 | 1 Nvidia | 1 Gpu Driver | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure. | |||||
CVE-2019-0941 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'. | |||||
CVE-2019-12828 | 1 Ea | 1 Origin | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share. | |||||
CVE-2019-0815 | 1 Microsoft | 1 Asp.net Core | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | |||||
CVE-2019-0946 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0947. | |||||
CVE-2019-9573 | 1 Mishubd | 1 Wp Human Resource Management | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications. | |||||
CVE-2019-14794 | 1 Metabox | 1 Meta Box | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. | |||||
CVE-2019-9673 | 1 Freenetproject | 1 Freenet | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI. | |||||
CVE-2019-0981 | 1 Microsoft | 10 .net Core, .net Framework, Windows 10 and 7 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. | |||||
CVE-2019-0633 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0630. | |||||
CVE-2019-11218 | 1 Bonobogitserver | 1 Bonobo Git Server | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions. | |||||
CVE-2019-13917 | 2 Debian, Exim | 2 Debian Linux, Exim | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). | |||||
CVE-2006-7254 | 1 Gnu | 1 Glibc | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | |||||
CVE-2019-11070 | 2 Webkitgtk, Wpewebkit | 2 Webkitgtk, Wpe Webkit | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
WebKitGTK and WPE WebKit prior to version 2.24.1 failed to properly apply configured HTTP proxy settings when downloading livestream video (HLS, DASH, or Smooth Streaming), an error resulting in deanonymization. This issue was corrected by changing the way livestreams are downloaded. | |||||
CVE-2019-5784 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2019-0801 | 1 Microsoft | 2 Office, Office 365 Proplus | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
A remote code execution vulnerability exists when Microsoft Office fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file that points to an Excel or PowerPoint file that was also downloaded.The update addresses the vulnerability by correcting how Office handles these files., aka 'Office Remote Code Execution Vulnerability'. | |||||
CVE-2019-10477 | 2 Fusioninventory, Glpi-project | 2 Fusioninventory, Glpi | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. |