Total
10067 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-4353 | 1 Apple | 1 Mac Os X | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14. | |||||
| CVE-2019-16412 | 1 Tendacn | 2 N301, N301 Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.) | |||||
| CVE-2017-7189 | 1 Php | 1 Php | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input. | |||||
| CVE-2019-1020015 | 1 Hasura | 1 Graphql Engine | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| graphql-engine (aka Hasura GraphQL Engine) before 1.0.0-beta.3 mishandles the audience check while verifying JWT. | |||||
| CVE-2019-5461 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 4.0 MEDIUM | 3.5 LOW |
| An input validation problem was discovered in the GitHub service integration which could result in an attacker being able to make arbitrary POST requests in a GitLab instance's internal network. This vulnerability was addressed in 12.1.2, 12.0.4, and 11.11.6. | |||||
| CVE-2018-12187 | 1 Intel | 1 Active Management Technology Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access. | |||||
| CVE-2019-10028 | 1 Netflix | 1 Dial Reference | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Denial of Service (DOS) in Dial Reference Source Code Used before June 18th, 2019. | |||||
| CVE-2017-12795 | 1 Openmrs | 1 Openmrs-module-htmlformentry | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation). | |||||
| CVE-2017-18465 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
| cPanel before 62.0.17 does not have a sufficient list of reserved usernames (SEC-227). | |||||
| CVE-2018-20912 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| cPanel before 70.0.23 allows demo accounts to execute code via awstats (SEC-362). | |||||
| CVE-2019-1822 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system. | |||||
| CVE-2014-9186 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2018-4195 | 1 Apple | 1 Safari | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to Safari 12. | |||||
| CVE-2018-4395 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5. | |||||
| CVE-2016-10899 | 1 Fabrix | 1 Total Security | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability. | |||||
| CVE-2019-1753 | 1 Cisco | 1 Ios Xe | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated but unprivileged (level 1), remote attacker to run privileged Cisco IOS commands by using the web UI. The vulnerability is due to a failure to validate and sanitize input in Web Services Management Agent (WSMA) functions. An attacker could exploit this vulnerability by submitting a malicious payload to the affected device's web UI. A successful exploit could allow the lower-privileged attacker to execute arbitrary commands with higher privileges on the affected device. | |||||
| CVE-2019-0271 | 1 Sap | 3 Advanced Business Application Programming Platform, Advanced Business Application Programming Server, Sap Kernel | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below. | |||||
| CVE-2019-11460 | 1 Gnome | 1 Gnome-desktop | 2024-02-04 | 6.8 MEDIUM | 9.0 CRITICAL |
| An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063. | |||||
| CVE-2019-10063 | 1 Flatpak | 1 Flatpak | 2024-02-04 | 6.8 MEDIUM | 9.0 CRITICAL |
| Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI. | |||||
| CVE-2019-5800 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||