Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7832 | 1 Schneider-electric | 1 Pro-face Gp-pro Ex | 2019-05-28 | 6.5 MEDIUM | 8.8 HIGH |
| An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution arbitrary executable when GP-Pro EX is launched. | |||||
| CVE-2017-11740 | 1 Zohocorp | 1 Manageengine Applications Manager | 2019-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system. | |||||
| CVE-2017-5211 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. | |||||
| CVE-2018-14729 | 1 Comsenz | 1 Discuz\! | 2019-05-23 | 9.0 HIGH | 8.8 HIGH |
| The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2003-0367 | 2 Debian, Gnu | 2 Debian Linux, Gzip | 2019-05-23 | 2.1 LOW | N/A |
| znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2017-8341 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-05-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. | |||||
| CVE-2017-3273 | 1 Oracle | 1 Mysql | 2019-05-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). | |||||
| CVE-2019-11114 | 1 Intel | 1 Driver \& Support Assistant | 2019-05-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2019-0115 | 1 Intel | 1 Graphics Driver | 2019-05-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-11094 | 1 Intel | 20 Nuc Kit D33217gke, Nuc Kit D53427rke, Nuc Kit D54250wyb and 17 more | 2019-05-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in system firmware for Intel (R) NUC Kit may allow an authenticated user to potentially enable escalation of privilege, denial of service, and/or information disclosure via local access. | |||||
| CVE-2014-9417 | 1 Huawei | 1 Espace Desktop | 2019-05-20 | 2.1 LOW | N/A |
| The Meeting component in Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted image. | |||||
| CVE-2014-9415 | 1 Huawei | 1 Espace Desktop | 2019-05-20 | 1.9 LOW | N/A |
| Huawei eSpace Desktop before V100R001C03 allows local users to cause a denial of service (program exit) via a crafted QES file. | |||||
| CVE-2019-5931 | 1 Cybozu | 1 Garoon | 2019-05-20 | 5.5 MEDIUM | 8.7 HIGH |
| Cybozu Garoon 4.0.0 to 4.6.3 allows authenticated attackers to alter the information with privileges invoking the installer via unspecified vectors. | |||||
| CVE-2018-1000077 | 2 Debian, Rubygems | 2 Debian Linux, Rubygems | 2019-05-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Improper Input Validation vulnerability in ruby gems specification homepage attribute that can result in a malicious gem could set an invalid homepage URL. This vulnerability appears to have been fixed in 2.7.6. | |||||
| CVE-2014-1818 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2019-05-17 | 9.3 HIGH | N/A |
| GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP1 and SP2, Live Meeting 2007 Console, Lync 2010 and 2013, Lync 2010 Attendee, and Lync Basic 2013 allows remote attackers to execute arbitrary code via a crafted EMF+ record in an image file, aka "GDI+ Image Parsing Vulnerability." | |||||
| CVE-2015-6104 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-17 | 9.3 HIGH | N/A |
| The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6103. | |||||
| CVE-2015-6103 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-17 | 9.3 HIGH | N/A |
| The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-6104. | |||||
| CVE-2019-0885 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-05-17 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | |||||
| CVE-2015-2459 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2019-05-17 | 9.3 HIGH | N/A |
| ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461. | |||||
| CVE-2015-2460 | 1 Microsoft | 8 .net Framework, Windows 10, Windows 7 and 5 more | 2019-05-17 | 9.3 HIGH | N/A |
| ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability." | |||||