Search Results (Refine Search)
- Results Type: Overview
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-5517 |
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain multiple out-of-bounds read vulnerabilities in the shader translator. Exploitation of these issues requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for these issues involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. Published: April 15, 2019; 2:29:01 PM -0400 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-5516 |
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds vulnerability with the vertex shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure or may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion. Published: April 15, 2019; 1:29:00 PM -0400 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 5.8 MEDIUM |
CVE-2019-6609 |
Platform dependent weakness. This issue only impacts iSeries platforms. On these platforms, in BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.0.0-14.1.0.1, 13.0.0-13.1.1.3, and 12.1.1 HF2-12.1.4, the secureKeyCapable attribute was not set which causes secure vault to not use the F5 hardware support to store the unit key. Instead the unit key is stored in plaintext on disk as would be the case for Z100 systems. Additionally this causes the unit key to be stored in UCS files taken on these platforms. Published: April 15, 2019; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2019-4203 |
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal can be exploited by app developers to download arbitrary files from the host OS and potentially carry out SSRF attacks. IBM X-Force ID: 159124. Published: April 15, 2019; 11:29:00 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 9.0 HIGH |
CVE-2019-4202 |
IBM API Connect 5.0.0.0 and 5.0.8.6 Developer Portal is vulnerable to command injection. An attacker with a specially crafted request can run arbitrary code on the server and gain complete access to the system. IBM X-Force ID: 159123. Published: April 15, 2019; 11:29:00 AM -0400 |
V4.0:(not available) V3.1: 10.0 CRITICAL V2.0: 10.0 HIGH |
CVE-2019-4178 |
IBM Cognos Analytics 11 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to write or view arbitrary files on the system. IBM X-Force ID: 158919. Published: April 15, 2019; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2019-4012 |
IBM BigFix WebUI Profile Management 6 and Software Distribution 23 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 155886. Published: April 15, 2019; 11:29:00 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2019-11236 |
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. Published: April 15, 2019; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-0232 |
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https://web.archive.org/web/20161228144344/https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/). Published: April 15, 2019; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 9.3 HIGH |
CVE-2018-1925 |
IBM WebShere MQ 9.1.0.0, 9.1.0.1, 9.1.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 152925. Published: April 15, 2019; 11:29:00 AM -0400 |
V4.0:(not available) V3.0: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-6526 |
Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 and prior use plaintext transmission of sensitive data, which may allow an attacker to capture sensitive data such as an administrative password. Published: April 15, 2019; 8:31:42 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 5.0 MEDIUM |
CVE-2019-3891 |
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify the database and prevent Satellite from fetching package updates, thus preventing all Satellite hosts from accessing those updates. Published: April 15, 2019; 8:31:42 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 2.1 LOW |
CVE-2019-11229 |
models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution. Published: April 15, 2019; 8:31:36 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2019-11228 |
repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. Published: April 15, 2019; 8:31:36 AM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-11222 |
gf_bin128_parse in utils/os_divers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafted_drm_file.xml file. Published: April 15, 2019; 8:31:36 AM -0400 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-11221 |
GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c. Published: April 15, 2019; 8:31:36 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-18261 |
In waimai Super Cms 20150505, there is an XSS vulnerability via the /admin.php/Foodcat/addsave fcname parameter. Published: April 15, 2019; 8:31:20 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-7777 |
Use of uninitialized memory in Graphite2 library in Firefox before 54 in graphite2::GlyphCache::Loader::read_glyph function. Published: April 15, 2019; 8:31:08 AM -0400 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2017-7776 |
Heap-based Buffer Overflow read in Graphite2 library in Firefox before 54 in graphite2::Silf::getClassGlyph. Published: April 15, 2019; 8:31:08 AM -0400 |
V4.0:(not available) V3.0: 8.1 HIGH V2.0: 5.8 MEDIUM |
CVE-2017-7774 |
Out-of-bounds read in Graphite2 Library in Firefox before 54 in graphite2::Silf::readGraphite function. Published: April 15, 2019; 8:31:08 AM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 6.4 MEDIUM |