Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19089 | 1 Hitachienergy | 1 Esoms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared. A possible attack scenario would be unauthorized code execution via text interpreted as JavaScript. | |||||
| CVE-2019-17596 | 6 Arista, Debian, Fedoraproject and 3 more | 11 Cloudvision Portal, Eos, Mos and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. | |||||
| CVE-2019-0052 | 1 Juniper | 10 Junos, Sr4600, Srx1500 and 7 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The srxpfe process may crash on SRX Series services gateways when the UTM module processes a specific fragmented HTTP packet. The packet is misinterpreted as a regular TCP packet which causes the processor to crash. This issue affects all SRX Series platforms that support URL-Filtering and have web-filtering enabled. Affected releases are Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 17.3 versions on SRX Series; 17.4 versions prior to 17.4R1-S8, 17.4R2-S5, 17.4R3 on SRX Series; 18.1 versions prior to 18.1R3-S6 on SRX Series; 18.2 versions prior to 18.2R2-S1, 18.2R3 on SRX Series; 18.3 versions prior to 18.3R1-S2, 18.3R2 on SRX Series; 18.4 versions prior to 18.4R1-S1, 18.4R2 on SRX Series. | |||||
| CVE-2018-6560 | 2 Flatpak, Redhat | 7 Flatpak, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
| In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon. | |||||
| CVE-2018-19966 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service (host OS crash) or possibly gain host OS privileges because of an interpretation conflict for a union data structure associated with shadow paging. NOTE: this issue exists because of an incorrect fix for CVE-2017-15595. | |||||
| CVE-2024-42487 | 1 Cilium | 1 Cilium | 2024-09-30 | N/A | 4.3 MEDIUM |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In the 1.15 branch prior to 1.15.8 and the 1.16 branch prior to 1.16.1, Gateway API HTTPRoutes and GRPCRoutes do not follow the match precedence specified in the Gateway API specification. In particular, request headers are matched before request methods, when the specification describes that the request methods must be respected before headers are matched. This could result in unexpected behaviour with security This issue is fixed in Cilium v1.15.8 and v1.16.1. There is no workaround for this issue. | |||||
| CVE-2024-45097 | 1 Ibm | 1 Aspera Faspex | 2024-09-06 | N/A | 7.1 HIGH |
| IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification. | |||||