CWE:
 

Topic
Date
Author
High
Linux Kernel 3.2 multiple x86_64 vulnerabilities
16.12.2014
Andy Lutomirski


CVEMAP Search Results

CVE
Details
Description
2019-07-30
Low
CVE-2019-10153

Vendor: Clusterlabs
Software: Fence-agents
 

 
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.

 
2018-09-12
Medium
CVE-2018-8337

Vendor: Microsoft
Software: Windows 10
 

 
A security feature bypass vulnerability exists when Windows Subsystem for Linux improperly handles case sensitivity, aka "Windows Subsystem for Linux Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers.

 
2018-08-03
Medium
CVE-2018-3777

Vendor: Restforce
Software: Restforce
 

 
Insufficient URI encoding in restforce before 3.0.0 allows attacker to inject arbitrary parameters into Salesforce API requests.

 
2018-05-09
Low
CVE-2018-2415

Vendor: SAP
Software: J2ee engine ...
 

 
SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are displayed.

 
2018-04-29
Medium
CVE-2018-9845

Updating...
 

 
Etherpad Lite before 1.6.4 is exploitable for admin access.

 
2018-04-18
Medium
CVE-2016-2169

Vendor: Cloudfoundry
Software: Cf-release
 

 
Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route and receive traffic intended for the service.

 
Medium
CVE-2015-9213

Vendor: Qualcomm
Software: Mdm9206 firmware
 

 
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, the DIAG-EFS command EFS2_DIAG_DELTREE, which is handled by the function fs_diag_deltree_handler(), is used to delete files and directories only inside the /public folder.

 
High
CVE-2016-10481

Vendor: Qualcomm
Software: Mdm9607 firmware
 

 
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs.

 
2018-02-21
Low
CVE-2018-7289

Vendor: Teclib-edition
Software: Armadito ant...
 

 
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters.

 
2018-02-15
Low
CVE-2018-7173

Vendor: Xpdfreader
Software: XPDF
 

 
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top