Total
227 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0274 | 1 Linux | 1 Linux Kernel | 2024-02-15 | 7.2 HIGH | N/A |
The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access. | |||||
CVE-2019-0817 | 1 Microsoft | 1 Exchange Server | 2023-12-10 | 5.8 MEDIUM | 5.4 MEDIUM |
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858. | |||||
CVE-2019-13917 | 2 Debian, Exim | 2 Debian Linux, Exim | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
Exim 4.85 through 4.92 (fixed in 4.92.1) allows remote code execution as root in some unusual configurations that use the ${sort } expansion for items that can be controlled by an attacker (e.g., $local_part or $domain). | |||||
CVE-2019-13624 | 1 Onosproject | 1 Onos | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command. | |||||
CVE-2019-0945 | 1 Microsoft | 2 Office, Office 365 | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0946, CVE-2019-0947. | |||||
CVE-2019-0089 | 1 Intel | 1 Server Platform Services | 2023-12-10 | 4.6 MEDIUM | 6.7 MEDIUM |
Improper data sanitization vulnerability in subsystem in Intel(R) SPS before versions SPS_E5_04.00.04.381.0, SPS_E3_04.01.04.054.0, SPS_SoC-A_04.00.04.181.0, and SPS_SoC-X_04.00.04.086.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2019-0811 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists in Windows DNS Server when it fails to properly handle DNS queries, aka 'Windows DNS Server Denial of Service Vulnerability'. | |||||
CVE-2019-9573 | 1 Mishubd | 1 Wp Human Resource Management | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications. | |||||
CVE-2019-5675 | 1 Nvidia | 1 Gpu Driver | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure. | |||||
CVE-2019-10477 | 2 Fusioninventory, Glpi-project | 2 Fusioninventory, Glpi | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The FusionInventory plugin before 1.4 for GLPI 9.3.x and before 1.1 for GLPI 9.4.x mishandles sendXML actions. | |||||
CVE-2019-14794 | 1 Metabox | 1 Meta Box | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Meta Box plugin before 4.16.2 for WordPress mishandles the uploading of files to custom folders. | |||||
CVE-2019-12828 | 1 Ea | 1 Origin | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share. | |||||
CVE-2019-0947 | 1 Microsoft | 1 Office | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0945, CVE-2019-0946. | |||||
CVE-2019-4236 | 2 Hp, Ibm | 2 Hp-ux, Spectrum Protect | 2023-12-10 | 3.6 LOW | 4.4 MEDIUM |
A IBM Spectrum Protect 7.l client backup or archive operation running for an HP-UX VxFS object is silently skipping Access Control List (ACL) entries from backup or archive if there are more than twelve ACL entries associated with the object in total. As a result, it could allow a local attacker to restore or retrieve the object with incorrect ACL entries. IBM X-Force ID: 159418. | |||||
CVE-2019-9870 | 1 Oembed Project | 1 Oembed | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. | |||||
CVE-2019-9673 | 1 Freenetproject | 1 Freenet | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI. | |||||
CVE-2019-1083 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests, aka '.NET Denial of Service Vulnerability'. | |||||
CVE-2019-11218 | 1 Bonobogitserver | 1 Bonobo Git Server | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions. | |||||
CVE-2019-0941 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests, aka 'Microsoft IIS Server Denial of Service Vulnerability'. | |||||
CVE-2019-0981 | 1 Microsoft | 10 .net Core, .net Framework, Windows 10 and 7 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka '.Net Framework and .Net Core Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980. |