Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19799 | 1 Zohocorp | 1 Manageengine Applications Manager | 2022-03-31 | 5.0 MEDIUM | 5.3 MEDIUM |
Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license-related information via the WieldFeedServlet servlet. | |||||
CVE-2019-11112 | 2 Intel, Netapp | 4 Graphics Driver, Cloud Backup, Data Availability Services and 1 more | 2022-03-31 | 7.2 HIGH | 7.8 HIGH |
Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2019-17055 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2022-03-31 | 2.1 LOW | 3.3 LOW |
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21. | |||||
CVE-2019-3420 | 1 Zte | 2 Zxhn H108n, Zxhn H108n Firmware | 2022-03-31 | 3.3 LOW | 6.5 MEDIUM |
All versions up to V2.5.0_EG1T5_TED of ZTE ZXHN H108N product are impacted by an information leak vulnerability. An attacker could exploit the vulnerability to obtain sensitive information and perform unauthorized operations. | |||||
CVE-2019-17345 | 2 Debian, Xen | 2 Debian Linux, Xen | 2022-03-31 | 4.9 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Xen 4.8.x through 4.11.x allowing x86 PV guest OS users to cause a denial of service because mishandling of failed IOMMU operations causes a bug check during the cleanup of a crashed guest. | |||||
CVE-2019-17344 | 2 Debian, Xen | 2 Debian Linux, Xen | 2022-03-31 | 4.9 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service by leveraging a long-running operation that exists to support restartability of PTE updates. | |||||
CVE-2019-17343 | 2 Debian, Xen | 2 Debian Linux, Xen | 2022-03-31 | 4.6 MEDIUM | 6.8 MEDIUM |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges by leveraging incorrect use of the HVM physmap concept for PV domains. | |||||
CVE-2019-17340 | 2 Debian, Xen | 2 Debian Linux, Xen | 2022-03-31 | 6.1 MEDIUM | 8.8 HIGH |
An issue was discovered in Xen through 4.11.x allowing x86 guest OS users to cause a denial of service or gain privileges because grant-table transfer requests are mishandled. | |||||
CVE-2019-3728 | 1 Dell | 2 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite | 2022-03-31 | 5.0 MEDIUM | 7.5 HIGH |
RSA BSAFE Crypto-C Micro Edition versions prior to 4.0.5.4 (in 4.0.x) and 4.1.4 (in 4.1.x) and RSA BSAFE Micro Edition Suite versions prior to 4.0.13 (in 4.0.x) and prior to 4.4 (in 4.1.x, 4.2.x, 4.3.x) are vulnerable to a Buffer Over-read vulnerability when processing a DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system. | |||||
CVE-2019-11738 | 2 Mozilla, Opensuse | 3 Firefox, Firefox Esr, Leap | 2022-03-31 | 6.8 MEDIUM | 6.3 MEDIUM |
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | |||||
CVE-2019-11735 | 2 Mozilla, Opensuse | 3 Firefox, Firefox Esr, Leap | 2022-03-31 | 6.8 MEDIUM | 8.8 HIGH |
Mozilla developers and community members reported memory safety bugs present in Firefox 68 and Firefox ESR 68. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | |||||
CVE-2022-25568 | 1 Motioneye Project | 1 Motioneye | 2022-03-31 | 4.3 MEDIUM | 7.5 HIGH |
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured. | |||||
CVE-2019-17371 | 1 Gif2png Project | 1 Gif2png | 2022-03-31 | 4.3 MEDIUM | 6.5 MEDIUM |
gif2png 2.5.13 has a memory leak in the writefile function. | |||||
CVE-2019-6144 | 1 Forcepoint | 1 One Endpoint | 2022-03-31 | 4.0 MEDIUM | 6.5 MEDIUM |
This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint (versions 19.04 through 19.08) and bypass DLP and Web protection. | |||||
CVE-2019-17069 | 3 Netapp, Opensuse, Putty | 3 Oncommand Unified Manager Core Package, Leap, Putty | 2022-03-31 | 5.0 MEDIUM | 7.5 HIGH |
PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing freed memory locations via an SSH1_MSG_DISCONNECT message. | |||||
CVE-2019-15703 | 1 Fortinet | 1 Fortios | 2022-03-31 | 2.6 LOW | 7.5 HIGH |
An Insufficient Entropy in PRNG vulnerability in Fortinet FortiOS 6.2.1, 6.2.0, 6.0.8 and below, for devices that do not enable the hardware TRNG token and models that do not support a built-in TRNG seed, allows an attacker to theoretically recover the long-term ECDSA secret in a TLS client with an RSA handshake and mutual ECDSA authentication with the help of flush+reload side-channel attacks, in FortiGate VM models only. | |||||
CVE-2019-17673 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2022-03-31 | 5.0 MEDIUM | 7.5 HIGH |
WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header. | |||||
CVE-2019-16928 | 4 Canonical, Debian, Exim and 1 more | 4 Ubuntu Linux, Debian Linux, Exim and 1 more | 2022-03-31 | 7.5 HIGH | 9.8 CRITICAL |
Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. | |||||
CVE-2019-11740 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2022-03-31 | 6.8 MEDIUM | 8.8 HIGH |
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. | |||||
CVE-2019-13140 | 1 Intenogroup | 2 Eg200, Eg200 Firmware | 2022-03-31 | 4.0 MEDIUM | 6.5 MEDIUM |
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP. |