Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-46108 1 Dlink 2 Dsl-2730e, Dsl-2730e Firmware 2022-04-05 3.5 LOW 5.4 MEDIUM
D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.
CVE-2018-25020 2 Linux, Netapp 18 Linux Kernel, Cloud Backup, H300e and 15 more 2022-04-05 4.6 MEDIUM 7.8 HIGH
The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.
CVE-2019-9627 1 Cyberark 1 Endpoint Privilege Manager 2022-04-05 6.9 MEDIUM 7.0 HIGH
A buffer overflow in the kernel driver CybKernelTracker.sys in CyberArk Endpoint Privilege Manager versions prior to 10.7 allows an attacker (without Administrator privileges) to escalate privileges or crash the machine by loading an image, such as a DLL, with a long path.
CVE-2017-1002201 2 Debian, Haml 2 Debian Linux, Haml 2022-04-05 4.3 MEDIUM 6.1 MEDIUM
In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code.
CVE-2019-9209 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2022-04-05 4.3 MEDIUM 5.5 MEDIUM
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
CVE-2019-9641 5 Canonical, Debian, Netapp and 2 more 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more 2022-04-05 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9640 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
CVE-2019-9639 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9162 3 Canonical, Linux, Netapp 7 Ubuntu Linux, Linux Kernel, Cn1610 and 4 more 2022-04-05 4.6 MEDIUM 7.8 HIGH
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
CVE-2019-9082 3 Opensourcebms, Thinkphp, Zzzcms 3 Open Source Background Management System, Thinkphp, Zzzphp 2022-04-05 9.3 HIGH 8.8 HIGH
ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
CVE-2019-9638 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2019-6974 5 Canonical, Debian, F5 and 2 more 24 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 21 more 2022-04-05 6.8 MEDIUM 8.1 HIGH
In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.
CVE-2019-10732 2 Debian, Kde 2 Debian Linux, Kmail 2022-04-05 4.3 MEDIUM 4.3 MEDIUM
In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker.
CVE-2019-0160 4 Fedoraproject, Opensuse, Redhat and 1 more 8 Fedora, Leap, Enterprise Linux and 5 more 2022-04-05 7.5 HIGH 9.8 CRITICAL
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
CVE-2019-3710 1 Dell 1 Emc Networking Os10 2022-04-05 6.8 MEDIUM 8.1 HIGH
Dell EMC Networking OS10 versions prior to 10.4.3 contain a cryptographic key vulnerability due to an underlying application using undocumented, pre-installed X.509v3 key/certificate pairs. An unauthenticated remote attacker with the knowledge of the default keys may potentially be able to intercept communications or operate the system with elevated privileges.
CVE-2010-10001 1 Shemes 1 Grabit 2022-04-05 4.3 MEDIUM 5.5 MEDIUM
A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2019-4045 1 Ibm 2 Business Automation Workflow, Business Process Manager 2022-04-05 4.0 MEDIUM 4.3 MEDIUM
IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241.
CVE-2019-8341 2 Opensuse, Pocoo 2 Leap, Jinja2 2022-04-05 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** An issue was discovered in Jinja2 2.10. The from_string function is prone to Server Side Template Injection (SSTI) where it takes the "source" parameter as a template object, renders it, and then returns it. The attacker can exploit it with {{INJECTION COMMANDS}} in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.
CVE-2021-24848 1 Frenify 1 Mediamatic 2022-04-05 6.5 MEDIUM 8.8 HIGH
The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL statement, leading to an SQL injection
CVE-2019-3599 1 Mcafee 1 Agent 2022-04-05 4.3 MEDIUM 7.5 HIGH
Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled.