Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-19799 1 Zohocorp 1 Manageengine Applications Manager 2022-03-31 5.0 MEDIUM 5.3 MEDIUM
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet.
CVE-2019-11112 2 Intel, Netapp 4 Graphics Driver, Cloud Backup, Data Availability Services and 1 more 2022-03-31 7.2 HIGH 7.8 HIGH
Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-17055 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2022-03-31 2.1 LOW 3.3 LOW
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.
CVE-2019-3420 1 Zte 2 Zxhn H108n, Zxhn H108n Firmware 2022-03-31 3.3 LOW 6.5 MEDIUM
All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations.
CVE-2019-17345 2 Debian, Xen 2 Debian Linux, Xen 2022-03-31 4.9 MEDIUM 6.5 MEDIUM
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest.
CVE-2019-17344 2 Debian, Xen 2 Debian Linux, Xen 2022-03-31 4.9 MEDIUM 6.5 MEDIUM
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates.
CVE-2019-17343 2 Debian, Xen 2 Debian Linux, Xen 2022-03-31 4.6 MEDIUM 6.8 MEDIUM
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains.
CVE-2019-17340 2 Debian, Xen 2 Debian Linux, Xen 2022-03-31 6.1 MEDIUM 8.8 HIGH
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled.
CVE-2019-3728 1 Dell 2 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite 2022-03-31 5.0 MEDIUM 7.5 HIGH
RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system.
CVE-2019-11738 2 Mozilla, Opensuse 3 Firefox, Firefox Esr, Leap 2022-03-31 6.8 MEDIUM 6.3 MEDIUM
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2019-11735 2 Mozilla, Opensuse 3 Firefox, Firefox Esr, Leap 2022-03-31 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.
CVE-2022-25568 1 Motioneye Project 1 Motioneye 2022-03-31 4.3 MEDIUM 7.5 HIGH
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
CVE-2019-17371 1 Gif2png Project 1 Gif2png 2022-03-31 4.3 MEDIUM 6.5 MEDIUM
gif2png 2.5.13 has a memory leak in the writefile function.
CVE-2019-6144 1 Forcepoint 1 One Endpoint 2022-03-31 4.0 MEDIUM 6.5 MEDIUM
This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection.
CVE-2019-17069 3 Netapp, Opensuse, Putty 3 Oncommand Unified Manager Core Package, Leap, Putty 2022-03-31 5.0 MEDIUM 7.5 HIGH
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message.
CVE-2019-15703 1 Fortinet 1 Fortios 2022-03-31 2.6 LOW 7.5 HIGH
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below for device not enable hardware TRNG token and models not support builtin TRNG seed allows attacker to theoretically recover the long term ECDSA secret in a TLS client with a RSA handshake and mutual ECDSA authentication via the help of flush+reload side channel attacks in FortiGate VM models only.
CVE-2019-17673 2 Debian, Wordpress 2 Debian Linux, Wordpress 2022-03-31 5.0 MEDIUM 7.5 HIGH
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header.
CVE-2019-16928 4 Canonical, Debian, Exim and 1 more 4 Ubuntu Linux, Debian Linux, Exim and 1 more 2022-03-31 7.5 HIGH 9.8 CRITICAL
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command.
CVE-2019-11740 3 Canonical, Mozilla, Opensuse 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more 2022-03-31 6.8 MEDIUM 8.8 HIGH
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
CVE-2019-13140 1 Intenogroup 2 Eg200, Eg200 Firmware 2022-03-31 4.0 MEDIUM 6.5 MEDIUM
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.