Search Results (83089 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-0216 1 Apache 1 Airflow 2024-11-21 N/A
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
CVE-2019-0213 1 Apache 1 Archiva 2024-11-21 N/A
In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.
CVE-2019-0203 2 Apache, Redhat 2 Subversion, Enterprise Linux 2024-11-21 7.5 High
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server.
CVE-2019-0201 5 Apache, Debian, Netapp and 2 more 14 Activemq, Drill, Zookeeper and 11 more 2024-11-21 5.9 Medium
An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper’s getACL() command doesn’t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
CVE-2019-0186 1 Apache 1 Pluto 2024-11-21 N/A
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file
CVE-2019-0171 1 Intel 2 Quartus Ii, Quartus Prime 2024-11-21 N/A
Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0169 1 Intel 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware 2024-11-21 8.8 High
Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.
CVE-2019-0161 2 Redhat, Tianocore 2 Enterprise Linux, Edk Ii 2024-11-21 N/A
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access.
CVE-2019-0160 4 Fedoraproject, Opensuse, Redhat and 1 more 8 Fedora, Leap, Enterprise Linux and 5 more 2024-11-21 9.8 Critical
Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.
CVE-2019-0148 1 Intel 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more 2024-11-21 5.5 Medium
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
CVE-2019-0146 1 Intel 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more 2024-11-21 5.5 Medium
Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access.
CVE-2019-0144 1 Intel 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more 2024-11-21 6.5 Medium
Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
CVE-2019-0143 1 Intel 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more 2024-11-21 5.5 Medium
Unhandled exception in Kernel-mode drivers for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.
CVE-2019-0138 1 Intel 1 Acu Wizard 2024-11-21 N/A
Improper directory permissions in Intel(R) ACU Wizard version 12.0.0.129 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0130 2 Intel, Lenovo 9 Rapid Storage Technology Enterprise, Thinkstation P520, Thinkstation P520 Firmware and 6 more 2024-11-21 7.4 High
Reflected XSS in web interface for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an unauthenticated user to potentially enable denial of service via network access.
CVE-2019-0111 1 Intel 1 Data Center Manager 2024-11-21 N/A
Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2019-0108 1 Intel 1 Data Center Manager 2024-11-21 N/A
Improper file permissions for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable disclosure of information via local access.
CVE-2019-0096 1 Intel 1 Active Management Technology Firmware 2024-11-21 8.0 High
Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access.
CVE-2019-0086 1 Intel 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware 2024-11-21 N/A
Insufficient access control vulnerability in Dynamic Application Loader software for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.
CVE-2019-0073 1 Juniper 1 Junos 2024-11-21 6.6 Medium
The PKI keys exported using the command "run request security pki key-pair export" on Junos OS may have insecure file permissions. This may allow another user on the Junos OS device with shell access to read them. This issue affects: Juniper Networks Junos OS 15.1X49 versions prior to 15.1X49-D180; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2.