Total
10067 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1712 | 1 Cisco | 1 Ios Xr | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device. The vulnerability is due to the incorrect processing of crafted AutoRP packets. An attacker could exploit this vulnerability by sending crafted packets to port UDP 496 on a reachable IP address on the device. A successful exploit could allow the attacker to cause the PIM process to restart. Software versions prior to 6.2.3, 6.3.2, 6.4.0, and 6.5.1 are affected. | |||||
CVE-2019-5611 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service. | |||||
CVE-2018-15732 | 1 Stopzilla | 1 Antimalware | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x80002063. | |||||
CVE-2018-20013 | 1 Urbackup | 1 Urbackup | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In UrBackup 2.2.6, an attacker can send a malformed request to the client over the network, and trigger a fileservplugin/CClientThread.cpp CClientThread::ProcessPacket metadata_id!=0 assertion, leading to shutting down the client application. | |||||
CVE-2019-9819 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability where a JavaScript compartment mismatch can occur while working with the fetch API, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. | |||||
CVE-2019-0973 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Installer Elevation of Privilege Vulnerability'. | |||||
CVE-2016-10850 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
cPanel before 11.54.0.4 allows arbitrary code execution via scripts/synccpaddonswithsqlhost (SEC-83). | |||||
CVE-2018-20985 | 1 Payeezy | 1 Wp Payeezy Pay | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The wp-payeezy-pay plugin before 2.98 for WordPress has local file inclusion in pay.php, donate.php, donate-rec, and pay-rec. | |||||
CVE-2017-18382 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 4.0 MEDIUM | 2.7 LOW |
cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306). | |||||
CVE-2018-19642 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
CVE-2019-16314 | 1 Indexhibit | 1 Indexhibit | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Indexhibit 2.1.5 allows a product reinstallation, with resultant remote code execution, via /ndxzstudio/install.php?p=2. | |||||
CVE-2018-4342 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1. | |||||
CVE-2018-15736 | 1 Stopzilla | 1 Antimalware | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204F. | |||||
CVE-2019-11125 | 1 Intel | 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
CVE-2019-5801 | 3 Apple, Google, Opensuse | 4 Iphone Os, Chrome, Backports and 1 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. | |||||
CVE-2019-1823 | 1 Cisco | 3 Evolved Programmable Network Manager, Network Level Service, Prime Infrastructure | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system. | |||||
CVE-2019-1598 | 1 Cisco | 12 Firepower 4100, Firepower 9300, Firepower Extensible Operating System and 9 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
Multiple vulnerabilities in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets by an affected device. An attacker could exploit these vulnerabilities by sending an LDAP packet crafted using Basic Encoding Rules (BER) to an affected device. The LDAP packet must have a source IP address of an LDAP server configured on the targeted device. A successful exploit could cause the affected device to reload, resulting in a DoS condition. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. Firepower 9300 Security Appliances are affected in versions prior to 2.0.1.201, 2.2.2.54, and 2.3.1.75. MDS 9000 Series Multilayer Switches are affected in versions prior to 8.2(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(1). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(2). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(20), 7.3(2)D1(1), and 8.2(1). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(1). UCS 6200 and 6300 Fabric Interconnect are affected in versions prior to 3.2(2b). | |||||
CVE-2019-5242 | 1 Huawei | 1 Pcmanager | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to execute malicious code and read/write memory. | |||||
CVE-2019-11967 | 1 Hp | 1 Intelligent Management Center | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
CVE-2015-9348 | 1 Codepeople | 1 Sell Downloads | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The sell-downloads plugin before 1.0.8 for WordPress has insufficient restrictions on brute-force guessing of purchase IDs. |