Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-0657 | 1 Microsoft | 12 .net Core, .net Framework, Powershell Core and 9 more | 2019-03-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'. | |||||
| CVE-2018-4240 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-03-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message. | |||||
| CVE-2018-7449 | 2 Microsoft, Segger | 2 Windows, Embos\/ip Ftp Server | 2019-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. | |||||
| CVE-2018-1294 | 1 Apache | 1 Commons Email | 2019-03-07 | 5.0 MEDIUM | 7.5 HIGH |
| If a user of Apache Commons Email (typically an application programmer) passes unvalidated input as the so-called "Bounce Address", and that input contains line-breaks, then the email details (recipients, contents, etc.) might be manipulated. Mitigation: Users should upgrade to Commons-Email 1.5. You can mitigate this vulnerability for older versions of Commons Email by stripping line-breaks from data, that will be passed to Email.setBounceAddress(String). | |||||
| CVE-2019-0670 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2019-03-06 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists in Microsoft SharePoint when the application does not properly parse HTTP content, aka 'Microsoft SharePoint Spoofing Vulnerability'. | |||||
| CVE-2018-5955 | 1 Smartmobilesoftware | 1 Gitstack | 2019-03-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitStack through 2.3.10. User controlled input is not sufficiently filtered, allowing an unauthenticated attacker to add a user to the server via the username and password fields to the rest/user/ URI. | |||||
| CVE-2011-0764 | 3 Foolabs, Glyphandcog, T1lib | 3 Xpdf, Xpdfreader, T1lib | 2019-03-06 | 6.8 MEDIUM | N/A |
| t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf. | |||||
| CVE-2010-3704 | 4 Foolabs, Glyphandcog, Kde and 1 more | 4 Xpdf, Xpdfreader, Kdegraphics and 1 more | 2019-03-06 | 6.8 MEDIUM | N/A |
| The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. | |||||
| CVE-2018-8971 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2019-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, and 10.5.x before 10.5.6 has an incorrect omniauth-auth0 configuration, leading to signing in unintended users. | |||||
| CVE-2018-5341 | 1 Zohocorp | 1 Manageengine Desktop Central | 2019-03-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 and 10.0.184: a missing server-side check on the file type/extension when uploading and modifying scripts. | |||||
| CVE-2018-11280 | 1 Google | 1 Android | 2019-03-05 | 4.9 MEDIUM | 5.5 MEDIUM |
| In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur. | |||||
| CVE-2018-15319 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2019-03-05 | 7.8 HIGH | 7.5 HIGH |
| On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.6, malicious requests made to virtual servers with an HTTP profile can cause the TMM to restart. The issue is exposed with the non-default "normalize URI" configuration options used in iRules and/or BIG-IP LTM policies. | |||||
| CVE-2018-7549 | 3 Canonical, Redhat, Zsh | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2019-03-04 | 5.0 MEDIUM | 7.5 HIGH |
| In params.c in zsh through 5.4.2, there is a crash during a copy of an empty hash table, as demonstrated by typeset -p. | |||||
| CVE-2018-20152 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2019-03-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| In WordPress before 4.9.9 and 5.x before 5.0.1, authors could bypass intended restrictions on post types via crafted input. | |||||
| CVE-2018-6360 | 2 Debian, Mpv | 2 Debian Linux, Mpv | 2019-03-01 | 6.8 MEDIUM | 8.8 HIGH |
| mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lavfi:ladspa=file= URL signifies that the product should call dlopen on a shared object file located at an arbitrary local pathname. The issue exists because the product does not consider that youtube-dl can provide a potentially unsafe URL. | |||||
| CVE-2018-12401 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2019-03-01 | 5.0 MEDIUM | 7.5 HIGH |
| Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service (DOS) attacks. This vulnerability affects Firefox < 63. | |||||
| CVE-2018-8474 | 1 Microsoft | 1 Lync For Mac | 2019-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync. | |||||
| CVE-2018-11864 | 1 Qualcomm | 84 Ipq8074, Ipq8074 Firmware, Mdm9150 and 81 more | 2019-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| Bytes can be written to fuses from Secure region which can be read later by HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | |||||
| CVE-2018-11931 | 1 Qualcomm | 80 Mdm9150, Mdm9150 Firmware, Mdm9206 and 77 more | 2019-02-27 | 7.2 HIGH | 7.8 HIGH |
| Improper access to HLOS is possible while transferring memory to CPZ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in versions MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. | |||||
| CVE-2018-11932 | 1 Qualcomm | 40 Mdm9650, Mdm9650 Firmware, Mdm9655 and 37 more | 2019-02-26 | 6.4 MEDIUM | 9.1 CRITICAL |
| Improper input validation can lead RW access to secure subsystem from HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9650, MDM9655, MSM8996AU, QCS605, SD 410/12, SD 615/16/SD 415, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SXR1130. | |||||