Total
228 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-4236 | 2 Hp, Ibm | 2 Hp-ux, Spectrum Protect | 2024-02-04 | 3.6 LOW | 4.4 MEDIUM |
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418. | |||||
CVE-2018-4329 | 1 Apple | 2 Iphone Os, Safari | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. This issue affected versions prior to iOS 12, Safari 12. | |||||
CVE-2019-9870 | 1 Oembed Project | 1 Oembed | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. | |||||
CVE-2019-0947 | 1 Microsoft | 1 Office | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0946. | |||||
CVE-2019-0982 | 1 Microsoft | 1 Asp.net Core | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. | |||||
CVE-2019-13624 | 1 Onosproject | 1 Onos | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command. | |||||
CVE-2019-0811 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'. | |||||
CVE-2019-0945 | 1 Microsoft | 2 Office, Office 365 | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0946, CVE-2019-0947. | |||||
CVE-2019-0630 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 2.0 (SMBv2) server handles certain requests, aka 'Windows SMB Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0633. | |||||
CVE-2019-1083 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'. | |||||
CVE-2019-0817 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 5.8 MEDIUM | 5.4 MEDIUM |
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858. | |||||
CVE-2017-6920 | 1 Drupal | 1 Drupal | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations. | |||||
CVE-2019-0548 | 1 Microsoft | 1 Asp.net Core | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.2, ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0564. | |||||
CVE-2009-5155 | 2 Gnu, Netapp | 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match. | |||||
CVE-2019-0564 | 1 Microsoft | 1 Asp.net Core | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. | |||||
CVE-2018-6332 | 1 Facebook | 1 Hhvm | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests. | |||||
CVE-2018-5915 | 1 Qualcomm | 42 Mdm9607, Mdm9607 Firmware, Mdm9640 and 39 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130 | |||||
CVE-2018-6100 | 4 Apple, Debian, Google and 1 more | 6 Mac Os X, Debian Linux, Chrome and 3 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of confusable characters in URL Formatter in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
CVE-2019-3554 | 1 Facebook | 1 Wangle | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
Wangle's AcceptRoutingHandler incorrectly casts a socket when accepting a TLS 1.3 connection, leading to a potential denial of service attack against systems accepting such connections. This affects versions of Wangle prior to v2019.01.14.00 | |||||
CVE-2018-6133 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect handling of confusable characters in URL Formatter in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. |