Lucene search

226 matches found

OSV
added 2019/09/18 5:15 p.m. | 2 views

CVE-2019-12620

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could explo...

CVSS 5.3 | AI score 6.2 | EPSS 0.0065
Exploits 0 | References 1

Prion
added 2019/09/18 5:15 p.m. | 20 views

Authentication flaw

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could explo...

CVSS 5 | AI score 5.6 | EPSS 0.0065
Exploits 0 | References 1 | Affected Software 5

OSV
added 2019/09/17 8:15 p.m. | 3 views

CVE-2019-6809

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 firmware versions prior to V2.90, Modicon M340 firmware versions prior to V3.10, Modicon Premium all versions, Modicon Quantum all versions, which could cause a possible denial of service when reading invalid data from the...

CVSS 7.5 | AI score 7.1 | EPSS 0.01757
Exploits 0 | References 1

Cvelist
added 2019/09/17 7:50 p.m. | 29 views

CVE-2019-6809

A CWE-248: Uncaught Exception vulnerability exists in Modicon M580 firmware versions prior to V2.90, Modicon M340 firmware versions prior to V3.10, Modicon Premium all versions, Modicon Quantum all versions, which could cause a possible denial of service when reading invalid data from the...

AI score 7.3 | EPSS 0.01757
Exploits 0 | References 1

CNVD
added 2019/07/23 12:0 a.m. | 3 views

Buffer Overflow Vulnerability in Multiple Qualcomm Products (CNVD-2019-27321)

Qualcomm MDM9607 and others are products of Qualcomm Incorporated. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. SDX20 is a modem. A buffer overflow vulnerability exists in Video Firmware in multiple Qualcomm products, which originates when a...

CVSS 9.8 | AI score 7.3 | EPSS 0.00937
Exploits 0 | References 1

Prion
added 2019/07/22 2:15 p.m. | 21 views

Code injection

Shared memory gets updated with invalid data and may lead to access beyond the allocated memory. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909...

CVSS 7.5 | AI score 9.3 | EPSS 0.00937
Exploits 0 | References 1

CVE
added 2019/07/22 1:47 p.m. | 72 views

CVE-2019-2279

CVE-2019-2279 affects Qualcomm/Snapdragon components (e.g., Snapdragon Auto/Connectivity/Consumer IOT/Industrial IOT, Snapdragon Mobile, Wearables, and related SoCs such as MDM9150, MDM9607, MDM9650, various SDx/SDM/QCA families). Root cause: shared memory is updated with invalid data, causing me...

CVSS 9.8 | AI score 9.3 | EPSS 0.00937
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2019/07/01 12:0 a.m. | 3 views

Exiv2 Input Validation Error Vulnerability

Exiv2 is a set of C++ libraries and command line applications for managing image metadata by Andreas Huggel programmers. The product provides the ability to read and write image metadata in a variety of formats including EXIF, IPTC and XMP. An input validation error vulnerability exists in Exiv2...

CVSS 6.5 | AI score 8.4 | EPSS 0.02127
Exploits 1 | References 1

OSV
added 2019/06/30 11:15 p.m. | 3 views

DEBIAN-CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...

CVSS 6.5 | AI score 7.5 | EPSS 0.02127
Exploits 1 | References 1

OSV
added 2019/06/30 11:15 p.m. | 4 views

ALPINE-CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...

CVSS 6.5 | AI score 6.7 | EPSS 0.02127
Exploits 1 | References 1

ATTACKERKB
added 2019/06/30 11:15 p.m. | 4 views

CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...

CVSS 6.5 | AI score 5.5 | EPSS 0.02127
Exploits 1 | References 7

OSV
added 2019/06/30 12:0 a.m. | 2 views

UBUNTU-CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...

CVSS 6.5 | AI score 6.7 | EPSS 0.02127
Exploits 1 | References 5

UbuntuCve
added 2019/06/30 12:0 a.m. | 22 views

CVE-2019-13113

Exiv2 through 0.27.1 allows an attacker to cause a denial of service crash due to assertion failure via an invalid data location in a CRW image file...

CVSS 6.5 | AI score 6.8 | EPSS 0.02127
Exploits 1 | References 4

NVD
added 2019/05/22 8:29 p.m. | 18 views

CVE-2018-7843

A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading memory blocks with an invalid data size or with an invalid data offset in the controller over Modbus...

CVSS 7.5 | AI score 7.4 | EPSS 0.03289
Exploits 1 | References 2

Tenable Nessus
added 2019/03/27 12:0 a.m. | 38 views

openSUSE Security Update : Mozilla Thunderbird (openSUSE-2019-503)

This update for Mozilla Thunderbird to version 52.9.0 fixes multiple issues. Security issues fixed, inherited from the Mozilla common code base MFSA 2018-16, bsc1098998 : - CVE-2018-12359: Buffer overflow using computed size of canvas element - CVE-2018-12360: Use-after-free when using focus -...

CVSS 9.8 | AI score 7.4 | EPSS 0.04647
Exploits 0 | References 18

OpenVAS
added 2019/03/12 12:0 a.m. | 99 views

PHP Multiple Vulnerabilities (Mar 2019) - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

CVSS 9.8 | AI score 8.5 | EPSS 0.09395
Exploits 5 | References 5

Typo3
added 2019/01/22 12:0 a.m. | 10 views

Multiple vulnerabilities in extension "femanager" (femanager)

It is possible to bypass configured server side validation rules which allows an attacker to create frontend user records with invalid data. Also, the eID script allows an attacker to set various validators using GET parameters resulting in information disclosure of field values from the feusers...

AI score 6.3
Exploits 0 | Affected Software 1

Tenable Nessus
added 2018/10/22 12:0 a.m. | 38 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2018:2322-2)

This update for MozillaFirefox to version ESR 52.9 fixes the following issues : CVE-2018-5188: Various memory safety bugs bsc1098998 CVE-2018-12368: No warning when opening executable SettingContent-ms files CVE-2018-12366: Invalid data handling during QCMS transformations CVE-2018-12365:...

CVSS 9.8 | AI score 7.3 | EPSS 0.04831
Exploits 1 | References 22

Tenable Nessus
added 2018/08/24 12:0 a.m. | 40 views

Amazon Linux 2 : thunderbird (ALAS-2018-1061)

Use-after-free when appending DOM nodes CVE-2018-12363 Use-after-free using focus CVE-2018-12360 Compromised IPC child process can list local filenames CVE-2018-12365 Buffer overflow using computed size of canvas element CVE-2018-12359 Using form to exfiltrate encrypted mail part by pressing ente...

CVSS 9.8 | AI score 7.2 | EPSS 0.04647
Exploits 0 | References 12

Amazon
added 2018/08/21 12:0 a.m. | 45 views

Critical: thunderbird

Issue Overview: Use-after-free when appending DOM nodes CVE-2018-12363 Use-after-free using focus CVE-2018-12360 Compromised IPC child process can list local filenames CVE-2018-12365 Buffer overflow using computed size of canvas element CVE-2018-12359 Using form to exfiltrate encrypted mail part ...

CVSS 9.8 | AI score 8.7 | EPSS 0.04647
Exploits 0