Search and browse vulnerability records from NVD
Showing 50 of 41968 CVEs
| CVE ID | Severity | Description | EPSS | Published | |
|---|---|---|---|---|---|
| 7.6 HIGH |
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Hyper-V validates guest operating system user input. |
1.3% | 2019-08-14 | ||
| 8.0 HIGH |
A remote code execution vulnerability exists when Windows Hyper-V Network Switch on a host server fails to properly validate input from an authenticated user on a guest operating system. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system. The security update addresses the vulnerability by correcting how Windows Hyper-V Network Switch validates guest operating system network traffic. |
3.8% | 2019-08-14 | ||
| 7.8 HIGH |
Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. |
1.8% | 2019-08-06 | ||
| 7.1 HIGH |
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user's session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones. This issue affects MongoDB Server v4.0 versions prior to 4.0.9; MongoDB Server v3.6 versions prior to 3.6.13 and MongoDB Server v3.4 versions prior to 3.4.22. Workaround: After deleting one or more users, restart any nodes which may have had active user authorization sessions. Refrain from creating user accounts with the same name as previously deleted accounts. |
1.2% | 2019-08-06 | ||
| 7.8 HIGH |
In Das U-Boot versions 2016.11-rc1 through 2019.07-rc4, an underflow can cause memcpy() to overwrite a very large amount of data (including the whole stack) while reading a crafted ext4 filesystem. |
1.1% | 2019-08-06 | ||
|
CVE-2019-0193
KEV
|
7.2 HIGH |
In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. |
83.5% | 2019-08-01 | |
| 7.5 HIGH |
An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated. |
1.7% | 2019-07-29 | ||
| 7.1 HIGH |
A crafted self-referential DOS partition table will cause all Das U-Boot versions through 2019.07-rc4 to infinitely recurse, causing the stack to grow infinitely and eventually either crash or overwrite other data. |
0.4% | 2019-07-29 | ||
| 7.5 HIGH |
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
2.8% | 2019-07-23 | ||
| 7.5 HIGH |
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
2.2% | 2019-07-23 | ||
| 8.8 HIGH |
POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery (CSRF) attacks. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
1.0% | 2019-07-23 | ||
| 8.8 HIGH |
When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different subdomains ever cooperatively use document.domain, then either page can abuse this to inject script into arbitrary pages on the other subdomain, even those that did not use document.domain to relax their origin security. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
1.6% | 2019-07-23 | ||
|
CVE-2019-11707
KEV
|
8.8 HIGH |
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2. |
38.0% | 2019-07-23 | |
| 7.5 HIGH |
A vulnerability exists in the Windows sandbox where an uninitialized value in memory can be leaked to a renderer from a broker when making a call to access an otherwise unavailable file. This results in the potential leaking of information stored at that memory location. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7. |
1.5% | 2019-07-23 | ||
|
CVE-2019-1579
KEV
|
8.1 HIGH |
Remote Code Execution in PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11-h1 and earlier, and PAN-OS 8.1.2 and earlier with GlobalProtect Portal or GlobalProtect Gateway Interface enabled may allow an unauthenticated remote attacker to execute arbitrary code. |
39.3% | 2019-07-19 | |
|
CVE-2019-13272
KEV
|
7.8 HIGH |
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wants to create a ptrace relationship, which allows local users to obtain root access by leveraging certain scenarios with a parent-child process relationship, where a parent drops privileges and calls execve (potentially allowing control by an attacker). One contributing factor is an object lifetime issue (which can also cause a panic). Another contributing factor is incorrect marking of a ptrace relationship as privileged, which is exploitable through (for example) Polkit's pkexec helper with PTRACE_TRACEME. NOTE: SELinux deny_ptrace might be a usable workaround in some environments. |
52.2% | 2019-07-17 | |
|
CVE-2019-12991
KEV
|
8.8 HIGH |
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). |
73.9% | 2019-07-16 | |
|
CVE-2019-1132
KEV
|
7.8 HIGH |
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. |
9.8% | 2019-07-15 | |
|
CVE-2019-1130
KEV
|
7.8 HIGH |
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1129. |
2.3% | 2019-07-15 | |
|
CVE-2019-1129
KEV
|
7.8 HIGH |
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1130. |
1.8% | 2019-07-15 | |
|
CVE-2019-0880
KEV
|
7.8 HIGH |
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. |
2.4% | 2019-07-15 | |
| 7.5 HIGH |
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: optee_os. The fixed version is: 3.4.0 and later. |
1.4% | 2019-07-15 | ||
|
CVE-2018-18325
KEV
|
7.5 HIGH |
DNN (aka DotNetNuke) 9.2 through 9.2.2 uses a weak encryption algorithm to protect input parameters. NOTE: this issue exists because of an incomplete fix for CVE-2018-15811. |
74.0% | 2019-07-03 | |
|
CVE-2018-15811
KEV
|
7.5 HIGH |
DNN (aka DotNetNuke) 9.2 through 9.2.1 uses a weak encryption algorithm to protect input parameters. |
74.0% | 2019-07-03 | |
| 7.2 HIGH |
app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. |
3.4% | 2019-06-18 | ||
|
CVE-2019-1069
KEV
|
7.8 HIGH |
An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system. The security update addresses the vulnerability by correctly validating file operations. |
6.2% | 2019-06-12 | |
|
CVE-2019-1064
KEV
|
7.8 HIGH |
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. The security update addresses the vulnerability by correcting how Windows AppX Deployment Service handles hard links. |
6.9% | 2019-06-12 | |
| 7.1 HIGH |
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. |
0.6% | 2019-06-11 | ||
| 8.6 HIGH |
getchar.c in Vim before 8.1.1365 and Neovim before 0.3.6 allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline, as demonstrated by execute in Vim, and assert_fails or nvim_input in Neovim. |
19.1% | 2019-06-05 | ||
| 8.6 HIGH |
The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device. |
3.8% | 2019-06-03 | ||
| 8.6 HIGH |
An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data. |
1.0% | 2019-06-03 | ||
|
CVE-2019-9875
KEV
|
8.8 HIGH |
Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter. |
14.2% | 2019-05-31 | |
| 7.8 HIGH |
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. |
49.7% | 2019-05-28 | ||
| 8.2 HIGH |
A CWE-306: Missing Authentication for Critical Function vulnerability exists which could cause a modification of device IP configuration (IP address, network mask and gateway IP address) when a specific Ethernet frame is received in all versions of: Modicon M100, Modicon M200, Modicon M221, ATV IMC drive controller, Modicon M241, Modicon M251, Modicon M258, Modicon LMC058, Modicon LMC078, PacDrive Eco ,PacDrive Pro, PacDrive Pro2 |
1.2% | 2019-05-22 | ||
| 7.5 HIGH |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium. |
1.1% | 2019-05-22 | ||
| 7.5 HIGH |
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when an invalid private command parameter is sent to the controller over Modbus. |
3.6% | 2019-05-22 | ||
| 7.5 HIGH |
An Environment (CWE-2) vulnerability exists in SoMachine Basic, all versions, and Modicon M221(all references, all versions prior to firmware V1.10.0.0) which could cause cycle time impact when flooding the M221 ethernet interface while the Ethernet/IP adapter is activated. |
1.1% | 2019-05-22 | ||
|
CVE-2019-0903
KEV
|
8.8 HIGH |
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. |
21.7% | 2019-05-16 | |
|
CVE-2019-0863
KEV
|
7.8 HIGH |
An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. |
5.2% | 2019-05-16 | |
| 7.4 HIGH |
In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c. |
2.0% | 2019-05-15 | ||
|
CVE-2018-4063
KEV
|
8.8 HIGH |
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. |
28.1% | 2019-05-06 | |
| 7.8 HIGH |
An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems, including Portable Executable (PE) files for Windows and Executable and Linkable Format (ELF) files for Linux-based systems. This space is left unspecified so that dual-purpose files can be created. For example, dual-purpose TIFF/DICOM files are used in digital whole slide imaging applications in medicine. This design flaw enables system-wide compromise as malicious DICOM files are routinely shared between medical devices and hospital systems and transported via removable media for patient care coordination. To exploit this vulnerability, someone must execute the maliciously crafted file. These files can be executable even with the .dcm file extension. Anti-malware configurations at healthcare facilities often ignore medical imagery. DICOM files exist on systems that process protected health information, and successful exploitation could result in violations of regulatory compliance requirements such as HIPAA and FDA postmarket obligations. |
2.8% | 2019-05-02 | ||
| 7.5 HIGH |
An attacker could send crafted SMTP packets to cause a denial-of-service condition where the controller enters a major non-recoverable faulted state (MNRF) in CompactLogix 5370 L1, L2, and L3 Controllers, Compact GuardLogix 5370 controllers, and Armor Compact GuardLogix 5370 Controllers Versions 20 - 30 and earlier. |
6.1% | 2019-05-01 | ||
| 7.5 HIGH |
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2). |
3.1% | 2019-04-30 | ||
|
CVE-2019-9621
KEV
|
7.5 HIGH |
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. |
80.9% | 2019-04-30 | |
| 8.8 HIGH |
Incorrect handling of __proto__ mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and write. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. |
7.4% | 2019-04-26 | ||
| 8.8 HIGH |
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1. |
29.5% | 2019-04-26 | ||
|
CVE-2019-11539
KEV
|
7.2 HIGH |
In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, the admin web interface allows an authenticated attacker to inject and execute commands. |
98.6% | 2019-04-26 | |
| 8.8 HIGH |
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution. |
6.0% | 2019-04-24 | ||
|
CVE-2019-2616
KEV
|
7.2 HIGH |
Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher). While the vulnerability is in BI Publisher (formerly XML Publisher), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher (formerly XML Publisher) accessible data as well as unauthorized read access to a subset of BI Publisher (formerly XML Publisher) accessible data. CVSS 3.0 Base Score 7.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N). |
92.2% | 2019-04-23 |