ReportizFlow
Filtered by vendor
Subscriptions
Total
12641 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-0192 | 3 Apache, Netapp, Redhat | 3 Solr, Storage Automation Store, Jboss Fuse | 2024-11-21 | N/A |
| In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. | ||||
| CVE-2019-0191 | 1 Apache | 1 Karaf | 2024-11-21 | N/A |
| Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted. | ||||
| CVE-2019-0168 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2024-11-21 | 4.4 Medium |
| Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2019-0166 | 1 Intel | 1 Active Management Technology Firmware | 2024-11-21 | 7.5 High |
| Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2019-0165 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-11-21 | 4.4 Medium |
| Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2019-0163 | 1 Intel | 2 I5-5350u, I5-5350u Firmware | 2024-11-21 | N/A |
| Insufficient input validation in system firmware for Intel(R) Broadwell U i5 vPro before version MYBDWi5v.86A may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access. | ||||
| CVE-2019-0157 | 2 Intel, Linux | 3 Software Guard Extensions, Software Guard Extensions Data Center Attestation Primitives, Linux Kernel | 2024-11-21 | N/A |
| Insufficient input validation in the Intel(R) SGX driver for Linux may allow an authenticated user to potentially enable a denial of service via local access. | ||||
| CVE-2019-0149 | 1 Intel | 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more | 2024-11-21 | 5.5 Medium |
| Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. | ||||
| CVE-2019-0147 | 1 Intel | 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more | 2024-11-21 | 5.5 Medium |
| Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | ||||
| CVE-2019-0131 | 1 Intel | 1 Active Management Technology Firmware | 2024-11-21 | 8.1 High |
| Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. | ||||
| CVE-2019-0115 | 1 Intel | 1 Graphics Driver | 2024-11-21 | N/A |
| Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2019-0097 | 1 Intel | 1 Active Management Technology Firmware | 2024-11-21 | N/A |
| Insufficient input validation vulnerability in subsystem for Intel(R) AMT before version 12.0.35 may allow a privileged user to potentially enable denial of service via network access. | ||||
| CVE-2019-0094 | 1 Intel | 1 Active Management Technology Firmware | 2024-11-21 | 4.3 Medium |
| Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access. | ||||
| CVE-2019-0092 | 1 Intel | 1 Active Management Technology Firmware | 2024-11-21 | 6.8 Medium |
| Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | ||||
| CVE-2019-0070 | 1 Juniper | 3 Junos, Nfx150, Nfx250 | 2024-11-21 | 8.8 High |
| An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1 on NFX Series. | ||||
| CVE-2018-9970 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA execEvent method of Button elements. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5580. | ||||
| CVE-2018-9935 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2024-11-21 | N/A |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addField method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5312. | ||||
| CVE-2018-9846 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-11-21 | N/A |
| In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "_uid" parameter (in an archive.php _task=mail&_mbox=INBOX&_action=plugin.move2archive request) to perform an MX (IMAP) injection attack by placing an IMAP command after a %0d%0a sequence. NOTE: this is less easily exploitable in 1.3.4 and later because of a Same Origin Policy protection mechanism. | ||||
| CVE-2018-9839 | 1 Mantisbt | 1 Mantisbt | 2024-11-21 | N/A |
| An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloning it. By checking the 'Copy issue notes' and 'Copy attachments' checkboxes and completing the clone operation, this data also becomes public (except private notes). | ||||
| CVE-2018-9547 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584. | ||||