Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1010234 | 1 Linuxfoundation | 1 Open Network Operating System | 2019-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| The Linux Foundation ONOS 1.15.0 and ealier is affected by: Improper Input Validation. The impact is: The attacker can remotely execute any commands by sending malicious http request to the controller. The component is: Method runJavaCompiler in YangLiveCompilerManager.java. The attack vector is: network connectivity. | |||||
| CVE-2019-1010250 | 1 Linuxfoundation | 1 Open Network Operating System | 2019-07-25 | 5.5 MEDIUM | 4.9 MEDIUM |
| The Linux Foundation ONOS 2.0.0 and earlier is affected by: Poor Input-validation. The impact is: A network administrator (or attacker) can install unintended flow rules in the switch by mistake. The component is: createFlow() and createFlows() functions in FlowWebResource.java (RESTful service). The attack vector is: network management and connectivity. | |||||
| CVE-2019-5680 | 1 Nvidia | 2 Jetson Tx1, Jetson Tx1 Firmware | 2019-07-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges. | |||||
| CVE-2019-1010251 | 1 Oisf | 1 Suricata | 2019-07-23 | 5.0 MEDIUM | 7.5 HIGH |
| Open Information Security Foundation Suricata prior to version 4.1.2 is affected by: Denial of Service - DNS detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed network packet. The component is: app-layer-detect-proto.c, decode.c, decode-teredo.c and decode-ipv6.c (https://github.com/OISF/suricata/pull/3590/commits/11f3659f64a4e42e90cb3c09fcef66894205aefe, https://github.com/OISF/suricata/pull/3590/commits/8357ef3f8ffc7d99ef6571350724160de356158b). The attack vector is: An attacker can trigger the vulnerability by sending a specifically crafted network request. The fixed version is: 4.1.2. | |||||
| CVE-2018-20743 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2019-07-23 | 5.0 MEDIUM | 7.5 HIGH |
| murmur in Mumble through 1.2.19 before 2018-08-31 mishandles multiple concurrent requests that are persisted in the database, which allows remote attackers to cause a denial of service (daemon hang or crash) via a message flood. | |||||
| CVE-2018-18541 | 2 Debian, Teeworlds | 2 Debian Linux, Teeworlds | 2019-07-23 | 5.0 MEDIUM | 7.5 HIGH |
| In Teeworlds before 0.6.5, connection packets could be forged. There was no challenge-response involved in the connection build up. A remote attacker could send connection packets from a spoofed IP address and occupy all server slots, or even use them for a reflection attack using map download packets. | |||||
| CVE-2019-7843 | 3 Adobe, Linux, Microsoft | 3 Campaign, Linux Kernel, Windows | 2019-07-22 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Insufficient input validation vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user. | |||||
| CVE-2018-8779 | 3 Canonical, Debian, Ruby-lang | 3 Ubuntu Linux, Debian Linux, Ruby | 2019-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, the UNIXServer.open and UNIXSocket.open methods are not checked for null characters. It may be connected to an unintended socket. | |||||
| CVE-2018-19629 | 1 Hyland | 1 Perceptive Content Server | 2019-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection. | |||||
| CVE-2019-1072 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1109 | 1 Microsoft | 2 Office, Office 365 | 2019-07-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'. | |||||
| CVE-2019-1113 | 1 Microsoft | 10 .net Framework, Visual Studio 2017, Windows 10 and 7 more | 2019-07-19 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. | |||||
| CVE-2019-0966 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-07-18 | 5.5 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | |||||
| CVE-2017-7189 | 1 Php | 1 Php | 2019-07-17 | 5.0 MEDIUM | 7.5 HIGH |
| main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number (i.e., 443 in this example) is hardcoded into an application as a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this example) is obtained from untrusted input. | |||||
| CVE-2014-8415 | 1 Digium | 1 Asterisk | 2019-07-16 | 5.0 MEDIUM | N/A |
| Race condition in the chan_pjsip channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 allows remote attackers to cause a denial of service (assertion failure and crash) via a cancel request for a SIP session with a queued action to (1) answer a session or (2) send ringing. | |||||
| CVE-2014-8416 | 1 Digium | 1 Asterisk | 2019-07-16 | 5.0 MEDIUM | N/A |
| Use-after-free vulnerability in the PJSIP channel driver in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1, when using the res_pjsip_refer module, allows remote attackers to cause a denial of service (crash) via an in-dialog INVITE with Replaces message, which triggers the channel to be hung up. | |||||
| CVE-2013-0334 | 3 Bundler, Fedoraproject, Opensuse | 3 Bundler, Fedora, Opensuse | 2019-07-16 | 5.0 MEDIUM | N/A |
| Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source. | |||||
| CVE-2014-3798 | 1 Citrix | 1 Xenserver | 2019-07-15 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Windows Guest Tools in Citrix XenServer 6.2 SP1 and earlier allows remote attackers to cause a denial of service (guest OS crash) via a crafted Ethernet frame. | |||||
| CVE-2018-15738 | 1 Stopzilla | 1 Antimalware | 2019-07-15 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains an Arbitrary Write vulnerability due to not validating the output buffer address value from IOCtl 0x8000205F. | |||||
| CVE-2018-19580 | 1 Gitlab | 1 Gitlab | 2019-07-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions of GitLab prior to 11.5.1, 11.4.8, and 11.3.11 do not send an email to the old email address when an email address change is made. | |||||