Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-5929 2 Qos, Redhat 3 Logback, Satellite, Satellite Capsule 2022-04-18 7.5 HIGH 9.8 CRITICAL
QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting the SocketServer and ServerSocketReceiver components.
CVE-2017-5991 2 Artifex, Debian 2 Mupdf, Debian Linux 2022-04-18 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.
CVE-2016-5018 6 Apache, Canonical, Debian and 3 more 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more 2022-04-18 6.4 MEDIUM 9.1 CRITICAL
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
CVE-2016-0762 6 Apache, Canonical, Debian and 3 more 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more 2022-04-18 4.3 MEDIUM 5.9 MEDIUM
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
CVE-2017-9841 2 Oracle, Phpunit Project 2 Communications Diameter Signaling Router, Phpunit 2022-04-18 7.5 HIGH 9.8 CRITICAL
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
CVE-2016-6796 6 Apache, Canonical, Debian and 3 more 15 Tomcat, Ubuntu Linux, Debian Linux and 12 more 2022-04-18 5.0 MEDIUM 7.5 HIGH
A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
CVE-2016-6797 6 Apache, Canonical, Debian and 3 more 14 Tomcat, Ubuntu Linux, Debian Linux and 11 more 2022-04-18 5.0 MEDIUM 7.5 HIGH
The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
CVE-2016-6794 6 Apache, Canonical, Debian and 3 more 14 Tomcat, Ubuntu Linux, Debian Linux and 11 more 2022-04-18 5.0 MEDIUM 5.3 MEDIUM
When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
CVE-2022-25831 1 Google 1 Android 2022-04-18 1.9 LOW 4.6 MEDIUM
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.
CVE-2017-4995 1 Vmware 1 Spring Security 2022-04-18 6.8 MEDIUM 8.1 HIGH
An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets." Spring Security configures Jackson with global default typing enabled, which means that (through the previous exploit) arbitrary code could be executed if all of the following is true: (1) Spring Security's Jackson support is being leveraged by invoking SecurityJackson2Modules.getModules(ClassLoader) or SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson is used to deserialize data that is not trusted (Spring Security does not perform deserialization using Jackson, so this is an explicit choice of the user); and (3) there is an unknown (Jackson is not blacklisting it already) "deserialization gadget" that allows code execution present on the classpath. Jackson provides a blacklisting approach to protecting against this type of attack, but Spring Security should be proactive against blocking unknown "deserialization gadgets" when Spring Security enables default typing.
CVE-2022-27834 2 Google, Samsung 4 Android, Exynos 2100, Exynos 980 and 1 more 2022-04-18 4.4 MEDIUM 7.0 HIGH
Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.
CVE-2019-9628 3 Canonical, Opensuse, Xmltooling Project 3 Ubuntu Linux, Leap, Xmltooling 2022-04-18 5.0 MEDIUM 7.5 HIGH
The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type.
CVE-2019-0037 1 Juniper 1 Junos 2022-04-18 5.0 MEDIUM 7.5 HIGH
In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S12, 15.1R7-S3; 15.1X49 versions prior to 15.1X49-D171, 15.1X49-D180; 15.1X53 versions prior to 15.1X53-D236, 15.1X53-D496; 16.1 versions prior to 16.1R3-S10, 16.1R7-S4; 16.2 versions prior to 16.2R2-S8; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R3-S1; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S2; 18.2 versions prior to 18.2R2; 18.2X75 versions prior to 18.2X75-D30; 18.3 versions prior to 18.3R1-S2. This issue does not affect Junos OS releases prior to 15.1.
CVE-2019-6139 1 Forcepoint 1 User Id 2022-04-18 7.5 HIGH 9.8 CRITICAL
Forcepoint User ID (FUID) server versions up to 1.2 have a remote arbitrary file upload vulnerability on TCP port 5001. Successful exploitation of this vulnerability may lead to remote code execution. To fix this vulnerability, upgrade to FUID version 1.3 or higher. To prevent the vulnerability on FUID versions 1.2 and below, apply local firewall rules on the FUID server to disable all external access to port TCP/5001. FUID requires this port only for local connections through the loopback interface.
CVE-2018-19277 1 Phpspreadsheet Project 1 Phpspreadsheet 2022-04-18 6.8 MEDIUM 8.8 HIGH
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
CVE-2018-5546 3 Apple, F5, Linux 4 Macos, Big-ip Access Policy Manager, Big-ip Access Policy Manager Client and 1 more 2022-04-18 7.2 HIGH 7.8 HIGH
The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host.
CVE-2018-11771 2 Apache, Oracle 2 Commons Compress, Weblogic Server 2022-04-18 4.3 MEDIUM 5.5 MEDIUM
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package.
CVE-2022-20065 2 Google, Mediatek 30 Android, Mt6580, Mt6737 and 27 more 2022-04-18 4.6 MEDIUM 6.7 MEDIUM
In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID: ALPS06108658.
CVE-2018-1288 3 Apache, Oracle, Redhat 5 Kafka, Database, Primavera P6 Enterprise Project Portfolio Management and 2 more 2022-04-18 5.5 MEDIUM 5.4 MEDIUM
In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.
CVE-2018-12584 2 Debian, Resiprocate 2 Debian Linux, Resiprocate 2022-04-18 7.5 HIGH 9.8 CRITICAL
The ConnectionBase::preparseNewBytes function in resip/stack/ConnectionBase.cxx in reSIProcate through 1.10.2 allows remote attackers to cause a denial of service (buffer overflow) or possibly execute arbitrary code when TLS communication is enabled.