CVE-2019-5955
CREATE SD official App for Android version 1.0.2 and earlier allows remote attackers to bypass access restriction to lead a user to access an arbitrary website via vulnerable application and conduct phishing attacks...
OpenJDK: Font layout engine out of bounds access setCurrGlyphID() (2D, 8219022)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: 2D. Supported versions that are affected are Java SE: 7u211 and 8u202. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of...
CVE-2019-7427
XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the autorefTime or graphTypes parameter...
Adobe Bridge CC Memory Misreference Vulnerability
Adobe Bridge is a free digital asset management application from Adobe. A memory misreference vulnerability exists in Adobe Bridge CC 9.0.2. An attacker could exploit the vulnerability to obtain information...
Adobe Bridge CC Out-of-Bounds Write Vulnerability
Adobe Bridge is a free digital asset management application from Adobe. An out-of-bounds write vulnerability exists in Adobe Bridge CC 9.0.2. An attacker can exploit this vulnerability to achieve remote code execution...
IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2019-09071)
IBM Rational DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...
Intel Data Center Manager SDK Denial of Service Vulnerability
Intel Data Center Manager SDK is a data center manager SDK software development kit from Intel USA. The product provides real-time power and cooling data for devices. A security vulnerability exists in the encryption routines in Intel Data Center Manager SDK versions prior to 5.0.2. An attacker...
Intel Data Center Manager SDK File Elevation of Privilege Vulnerability (CNVD-2019-05268)
Intel Data Center Manager SDK is a data center manager SDK software development kit from Intel USA. The product provides real-time power and cooling data for devices. A security vulnerability exists in Intel Data Center Manager SDK versions prior to 5.0.2. The vulnerability can be exploited by...
CVE-2019-0107
Insufficient user prompt in install routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow a privileged user to potentially enable escalation of privilege via local access...
GHSA-QRMC-FJ45-QFC2 Prototype Pollution in extend
Versions of extend prior to 3.0.2 for 3.x and 2.0.2 for 2.x are vulnerable to Prototype Pollution. The extend function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation: If you're using...
CVE-2019-2500
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
CVE-2019-2448
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
UBUNTU-CVE-2019-2555
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
UBUNTU-CVE-2019-2553
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
UBUNTU-CVE-2019-2556
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
UBUNTU-CVE-2019-2509
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization subcomponent: Core. Supported versions that are affected are prior to 5.2.24 and prior to 6.0.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...
Unspecified Vulnerability in Oracle FLEXCUBE Direct Banking (CNVD-2019-37403)
Oracle FLEXCUBE Direct Banking enables banks to deliver a tailored, portal-based, rich online customer experience based on demographics and market segments. A security vulnerability exists in Oracle FLEXCUBE Direct Banking 12.0.2. An attacker could exploit the vulnerability to cause unauthorized...
Oracle VM VirtualBox Access Control Error Vulnerability (CNVD-2019-27297)
Oracle Virtualization is a set of virtualization solutions from Oracle Corporation. The solution is used to unify the management of the entire hardware and software system from applications to disks, enabling virtualization from the desktop to the data center. VM VirtualBox is one of the virtual...
UBUNTU-CVE-2019-6291
An issue was discovered in the function expr6 in eval.c in Netwide Assembler NASM through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage...
ZOHO ManageEngine ADSelfService Plus Cross-Site Scripting Vulnerability (CNVD-2019-03298)
ZOHO ManageEngine ADSelfService Plus is a Web-based end-user password management software from ZOHO. A cross-site scripting vulnerability exists in the automatically updated deployment implementation of ZOHO ManageEngine ADSelfService Plus prior to version 5.7 build 5702, which can be exploited b...