Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-19864 | 1 Nuuo | 1 Nvrmini2 Firmware | 2019-06-04 | 10.0 HIGH | 9.8 CRITICAL |
| NUUO NVRmini2 Network Video Recorder firmware through 3.9.1 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow), resulting in ability to read camera feeds or reconfigure the device. | |||||
| CVE-2016-9939 | 2 Cryptopp, Debian | 2 Crypto\+\+, Debian Linux | 2019-05-31 | 5.0 MEDIUM | 7.5 HIGH |
| Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ASN.1 BER decoding routine. The library will allocate a memory block based on the length field of the ASN.1 object. If there is not enough content octets in the ASN.1 object, then the function will fail and the memory block will be zeroed even if its unused. There is a noticeable delay during the wipe for a large allocation. | |||||
| CVE-2016-1494 | 3 Fedoraproject, Opensuse, Python | 4 Fedora, Leap, Opensuse and 1 more | 2019-05-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. | |||||
| CVE-2019-11085 | 1 Intel | 2 I915, I915 Firmware | 2019-05-31 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2016-5025 | 1 Nvidia | 40 Geforce 910m, Geforce 920m, Geforce 920mx and 37 more | 2019-05-30 | 6.1 MEDIUM | 6.6 MEDIUM |
| For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows graphics drivers. | |||||
| CVE-2019-9221 | 1 Gitlab | 1 Gitlab | 2019-05-29 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1. It has Incorrect Access Control (issue 3 of 5). | |||||
| CVE-2017-1000368 | 1 Sudo Project | 1 Sudo | 2019-05-29 | 7.2 HIGH | 8.2 HIGH |
| Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. | |||||
| CVE-2018-7832 | 1 Schneider-electric | 1 Pro-face Gp-pro Ex | 2019-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched. | |||||
| CVE-2019-11460 | 1 Gnome | 1 Gnome-desktop | 2019-05-27 | 6.8 MEDIUM | 9.0 CRITICAL |
| An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063. | |||||
| CVE-2017-11740 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system. | |||||
| CVE-2017-5211 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. | |||||
| CVE-2018-14729 | 1 Comsenz | 1 Discuz\! | 2019-05-23 | 9.0 HIGH | 8.8 HIGH |
| The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2003-0367 | 2 Debian, Gnu | 2 Debian Linux, Gzip | 2019-05-23 | 2.1 LOW | N/A |
| znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2017-8341 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. | |||||
| CVE-2016-10712 | 2 Canonical, Php | 2 Ubuntu Linux, Php | 2019-05-22 | 5.0 MEDIUM | 7.5 HIGH |
| In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker. | |||||
| CVE-2017-3273 | 1 Oracle | 1 Mysql | 2019-05-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). | |||||
| CVE-2019-11114 | 1 Intel | 1 Driver \& Support Assistant | 2019-05-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2019-0115 | 1 Intel | 1 Graphics Driver | 2019-05-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-11094 | 1 Intel | 20 Nuc Kit D33217gke, Nuc Kit D53427rke, Nuc Kit D54250wyb and 17 more | 2019-05-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access. | |||||
| CVE-2014-9415 | 1 Huawei | 1 Espace Desktop | 2019-05-20 | 1.9 LOW | N/A |
| Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. | |||||