Vulnerabilities (CVE)

Filtered by CWE-19
Total 233 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-5015 1 Pixar 1 Renderman 2022-04-29 7.2 HIGH 7.8 HIGH
A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit.
CVE-2016-1548 1 Ntp 1 Ntp 2021-11-17 6.4 MEDIUM 7.2 HIGH
An attacker can spoof a packet from a legitimate ntpd server with an origin timestamp that matches the peer->dst timestamp recorded for that server. After making this switch, the client in NTP 4.2.8p4 and earlier and NTPSec aa48d001683e5b791a743ec9c575aaf7d867a2b0c will reject all future legitimate server responses. It is possible to force the victim client to move time after the mode has been changed. ntpq gives no indication that the mode has been switched.
CVE-2016-4828 1 Collne 1 Welcart E-commerce 2021-09-09 6.4 MEDIUM 6.5 MEDIUM
The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress mishandles sessions, which allows remote attackers to obtain access by leveraging knowledge of the e-mail address associated with an account.
CVE-2018-6097 4 Apple, Debian, Google and 1 more 6 Macos, Debian Linux, Chrome and 3 more 2021-09-08 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of asynchronous methods in Fullscreen in Google Chrome on macOS prior to 66.0.3359.117 allowed a remote attacker to enter full screen without showing a warning via a crafted HTML page.
CVE-2016-10081 1 Shutter-project 1 Shutter 2021-08-29 9.3 HIGH 7.8 HIGH
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.
CVE-2016-0761 2 Cloudfoundry, Pivotal Software 2 Garden Linux, Cloud Foundry Elastic Runtime 2021-08-25 10.0 HIGH 9.8 CRITICAL
Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic Runtime 1.6.x version prior to 1.6.17 contain a flaw in managing container files during Docker image preparation that could be used to delete, corrupt or overwrite host files and directories, including other container filesystems on the host.
CVE-2019-1000007 1 Aioxmpp Project 1 Aioxmpp 2021-07-21 5.8 MEDIUM 7.4 HIGH
aioxmpp version 0.10.2 and earlier contains a Improper Handling of Structural Elements vulnerability in Stanza Parser, rollback during error processing, aioxmpp.xso.model.guard function that can result in Denial of Service, Other. This attack appears to be exploitable via Remote. A crafted stanza can be sent to an application which uses the vulnerable components to either inject data in a different context or cause the application to reconnect (potentially losing data). This vulnerability appears to have been fixed in 0.10.3.
CVE-2019-5675 1 Nvidia 1 Gpu Driver 2021-07-21 7.2 HIGH 7.8 HIGH
NVIDIA Windows GPU Display driver software for Windows (all versions) contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges, or information disclosure.
CVE-2019-5784 1 Google 1 Chrome 2021-07-21 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2019-11218 1 Bonobogitserver 1 Bonobo Git Server 2021-07-21 6.5 MEDIUM 8.8 HIGH
Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions.
CVE-2009-5155 2 Gnu, Netapp 4 Glibc, Cloud Backup, Ontap Select Deploy Administration Utility and 1 more 2021-06-29 5.0 MEDIUM 7.5 HIGH
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
CVE-2016-8743 1 Apache 1 Http Server 2021-06-06 5.0 MEDIUM 7.5 HIGH
Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.
CVE-2015-7979 1 Ntp 1 Ntp 2021-04-15 5.0 MEDIUM 7.5 HIGH
NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a broadcast client.
CVE-2014-6053 3 Canonical, Debian, Libvncserver 3 Ubuntu Linux, Debian Linux, Libvncserver 2020-10-23 5.0 MEDIUM N/A
The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c in LibVNCServer 0.9.9 and earlier does not properly handle attempts to send a large amount of ClientCutText data, which allows remote attackers to cause a denial of service (memory consumption or daemon crash) via a crafted message that is processed by using a single unchecked malloc.
CVE-2016-2510 3 Beanshell, Canonical, Debian 3 Beanshell, Ubuntu Linux, Debian Linux 2020-10-20 6.8 MEDIUM 8.1 HIGH
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
CVE-2016-1000340 1 Bouncycastle 1 Legion-of-the-bouncy-castle-java-crytography-api 2020-10-20 5.0 MEDIUM 7.5 HIGH
In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers.
CVE-2019-0014 1 Juniper 17 Junos, Ptx1000, Ptx10002 and 14 more 2020-07-22 5.0 MEDIUM 7.5 HIGH
On QFX and PTX Series, receipt of a malformed packet for J-Flow sampling might crash the FPC (Flexible PIC Concentrator) process which causes all interfaces to go down. By continuously sending the offending packet, an attacker can repeatedly crash the FPC process causing a sustained Denial of Service (DoS). This issue affects both IPv4 and IPv6 packet processing. Affected releases are Juniper Networks Junos OS on QFX and PTX Series: 17.4 versions prior to 17.4R2-S1, 17.4R3; 18.1 versions prior to 18.1R3-S1; 18.2 versions prior to 18.2R1-S3, 18.2R2; 17.2X75 versions prior to 17.2X75-D91, 17.2X75-D100.
CVE-2014-8826 1 Apple 1 Mac Os X 2020-07-17 5.0 MEDIUM N/A
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.
CVE-2019-0817 1 Microsoft 1 Exchange Server 2020-04-09 5.8 MEDIUM 5.4 MEDIUM
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web Access (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0858.
CVE-2015-8985 1 Gnu 1 Glibc 2020-03-31 4.3 MEDIUM 5.9 MEDIUM
The pop_fail_stack function in the GNU C Library (aka glibc or libc6) allows context-dependent attackers to cause a denial of service (assertion failure and application crash) via vectors related to extended regular expression processing.