Total
10067 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1426 | 1 Canonical | 1 Metal As A Service | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2019-0886 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 2.7 LOW | 6.8 MEDIUM |
| An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | |||||
| CVE-2019-0690 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 5.5 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0695, CVE-2019-0701. | |||||
| CVE-2018-20846 | 1 Uclouvain | 1 Openjpeg | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out-of-bounds accesses in the functions pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). | |||||
| CVE-2019-12816 | 1 Znc | 1 Znc | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. | |||||
| CVE-2018-4007 | 1 Shimovpn | 1 Shimo Vpn | 2024-02-04 | 6.6 MEDIUM | 7.1 HIGH |
| An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug. | |||||
| CVE-2019-1984 | 1 Cisco | 1 Enterprise Network Function Virtualization Infrastructure Sofware | 2024-02-04 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) could allow an authenticated, remote attacker with administrator privileges to overwrite files on the underlying operating system (OS) of an affected device. The vulnerability is due to improper input validation in an NFVIS file-system command. An attacker could exploit this vulnerability by using crafted variables during the execution of an affected command. A successful exploit could allow the attacker to overwrite arbitrary files on the underlying OS. | |||||
| CVE-2019-16141 | 1 Once Cell Project | 1 Once Cell | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the once_cell crate before 1.0.1 for Rust. There is a panic during initialization of Lazy. | |||||
| CVE-2019-1862 | 1 Cisco | 1 Ios Xe | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands on the underlying Linux shell of an affected device with root privileges. The vulnerability occurs because the affected software improperly sanitizes user-supplied input. An attacker who has valid administrator access to an affected device could exploit this vulnerability by supplying a crafted input parameter on a form in the Web UI and then submitting that form. A successful exploit could allow the attacker to run arbitrary commands on the device with root privileges, which may lead to complete system compromise. | |||||
| CVE-2018-12190 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2017-18388 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | |||||
| CVE-2019-0957 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0958. | |||||
| CVE-2018-4006 | 1 Shimovpn | 1 Shimo Vpn | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully. | |||||
| CVE-2019-9847 | 3 Apple, Libreoffice, Microsoft | 3 Macos, Libreoffice, Windows | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. This issue affects: All LibreOffice Windows and macOS versions prior to 6.1.6; LibreOffice Windows and macOS versions in the 6.2 series prior to 6.2.3. | |||||
| CVE-2019-0604 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. | |||||
| CVE-2018-20980 | 1 Ninjaforms | 1 Ninja Forms | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering. | |||||
| CVE-2019-9927 | 1 Caret | 1 Caret | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Caret before 2019-02-22 allows Remote Code Execution. | |||||
| CVE-2019-5686 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| NVIDIA Windows GPU Display Driver (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software uses an API function or data structure in a way that relies on properties that are not always guaranteed to be valid, which may lead to denial of service. | |||||
| CVE-2019-7617 | 1 Elastic | 1 Apm Agent | 2024-02-04 | 6.4 MEDIUM | 7.2 HIGH |
| When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing. | |||||
| CVE-2018-20873 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 2.1 LOW | 3.3 LOW |
| cPanel before 74.0.8 allows local users to disable the ClamAV daemon (SEC-409). | |||||