2019-04-10
|
CVE-2019-11068
|
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
|
Ubuntu_linux, Debian_linux, Fedora, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_unified_manager, E\-Series_santricity_web_services_proxy, Element_software, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_unified_manager, Snapmanager, Solidfire, Steelstore_cloud_integrated_storage, Leap, Jdk, Libxslt
|
9.8
|
|
|
2019-07-01
|
CVE-2019-13118
|
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
|
Icloud, Iphone_os, Itunes, Mac_os_x, Macos, Tvos, Ubuntu_linux, Fedora, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Plug\-In_for_symantec_netbackup, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Libxslt
|
5.3
|
|
|
2019-07-16
|
CVE-2019-13115
|
In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds read in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in...
|
Debian_linux, Traffix_systems_signaling_delivery_controller, Fedora, Libssh2, Cloud_backup, E\-Series_santricity_os_controller, Ontap_select_deploy_administration_utility
|
8.1
|
|
|
2019-09-16
|
CVE-2019-11184
|
A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.
|
3106_firmware, 4109t_firmware, 4110_firmware, 4114t_firmware, 4116_firmware, 4116t_firmware, 5118_firmware, 5119t_firmware, 5120t_firmware, 6126_firmware, 6126t_firmware, 6130_firmware, 6130t_firmware, 6138_firmware, Xeon_e5\-1428l_firmware, Xeon_e5\-1428l_v2_firmware, Xeon_e5\-1428l_v3_firmware, Xeon_e5\-1620_firmware, Xeon_e5\-1620_v2_firmware, Xeon_e5\-1620_v3_firmware, Xeon_e5\-1620_v4_firmware, Xeon_e5\-1630_v3_firmware, Xeon_e5\-1630_v4_firmware, Xeon_e5\-1650_firmware, Xeon_e5\-1650_v2_firmware, Xeon_e5\-1650_v3_firmware, Xeon_e5\-1650_v4_firmware, Xeon_e5\-1660_firmware, Xeon_e5\-1660_v2_firmware, Xeon_e5\-1660_v3_firmware, Xeon_e5\-1660_v4_firmware, Xeon_e5\-1680_v3_firmware, Xeon_e5\-1680_v4_firmware, Xeon_e5\-2403_firmware, Xeon_e5\-2403_v2_firmware, Xeon_e5\-2407_firmware, Xeon_e5\-2407_v2_firmware, Xeon_e5\-2408l_v3_firmware, Xeon_e5\-2418l_firmware, Xeon_e5\-2418l_v2_firmware, Xeon_e5\-2418l_v3_firmware, Xeon_e5\-2420_firmware, Xeon_e5\-2420_v2_firmware, Xeon_e5\-2428l_firmware, Xeon_e5\-2428l_v2_firmware, Xeon_e5\-2428l_v3_firmware, Xeon_e5\-2430_firmware, Xeon_e5\-2430_v2_firmware, Xeon_e5\-2430l_firmware, Xeon_e5\-2430l_v2_firmware, Xeon_e5\-2438l_v3_firmware, Xeon_e5\-2440_firmware, Xeon_e5\-2440_v2_firmware, Xeon_e5\-2448l_firmware, Xeon_e5\-2448l_v2_firmware, Xeon_e5\-2450_firmware, Xeon_e5\-2450_v2_firmware, Xeon_e5\-2450l_firmware, Xeon_e5\-2450l_v2_firmware, Xeon_e5\-2470_firmware, Xeon_e5\-2470_v2_firmware, Xeon_e5\-2603_firmware, Xeon_e5\-2603_v2_firmware, Xeon_e5\-2603_v3_firmware, Xeon_e5\-2603_v4_firmware, Xeon_e5\-2608l_v3_firmware, Xeon_e5\-2608l_v4_firmware, Xeon_e5\-2609_firmware, Xeon_e5\-2609_v2_firmware, Xeon_e5\-2609_v3_firmware, Xeon_e5\-2609_v4_firmware, Xeon_e5\-2618l_v2_firmware, Xeon_e5\-2618l_v3_firmware, Xeon_e5\-2618l_v4_firmware, Xeon_e5\-2620_firmware, Xeon_e5\-2620_v2_firmware, Xeon_e5\-2620_v3_firmware, Xeon_e5\-2620_v4_firmware, Xeon_e5\-2623_v3_firmware, Xeon_e5\-2623_v4_firmware, Xeon_e5\-2628l_v2_firmware, Xeon_e5\-2628l_v3_firmware, Xeon_e5\-2628l_v4_firmware, Xeon_e5\-2630_firmware, Xeon_e5\-2630_v2_firmware, Xeon_e5\-2630_v3_firmware, Xeon_e5\-2630_v4_firmware, Xeon_e5\-2630l_firmware, Xeon_e5\-2630l_v2_firmware, Xeon_e5\-2630l_v3_firmware, Xeon_e5\-2630l_v4_firmware, Xeon_e5\-2637_firmware, Xeon_e5\-2637_v2_firmware, Xeon_e5\-2637_v3_firmware, Xeon_e5\-2637_v4_firmware, Xeon_e5\-2640_firmware, Xeon_e5\-2640_v2_firmware, Xeon_e5\-2640_v3_firmware, Xeon_e5\-2640_v4_firmware, Xeon_e5\-2643_firmware, Xeon_e5\-2643_v2_firmware, Xeon_e5\-2643_v3_firmware, Xeon_e5\-2643_v4_firmware, Xeon_e5\-2648l_firmware, Xeon_e5\-2648l_v2_firmware, Xeon_e5\-2648l_v3_firmware, Xeon_e5\-2648l_v4_firmware, Xeon_e5\-2650_firmware, Xeon_e5\-2650_v2_firmware, Xeon_e5\-2650_v3_firmware, Xeon_e5\-2650_v4_firmware, Xeon_e5\-2650l_firmware, Xeon_e5\-2650l_v2_firmware, Xeon_e5\-2650l_v3_firmware, Xeon_e5\-2650l_v4_firmware, Xeon_e5\-2658_firmware, Xeon_e5\-2658_v2_firmware, Xeon_e5\-2658_v3_firmware, Xeon_e5\-2658_v4_firmware, Xeon_e5\-2658a_v3_firmware, Xeon_e5\-2660_firmware, Xeon_e5\-2660_v2_firmware, Xeon_e5\-2660_v3_firmware, Xeon_e5\-2660_v4_firmware, Xeon_e5\-2665_firmware, Xeon_e5\-2667_firmware, Xeon_e5\-2667_v2_firmware, Xeon_e5\-2667_v3_firmware, Xeon_e5\-2667_v4_firmware, Xeon_e5\-2670_firmware, Xeon_e5\-2670_v2_firmware, Xeon_e5\-2670_v3_firmware, Xeon_e5\-2680_firmware, Xeon_e5\-2680_v2_firmware, Xeon_e5\-2680_v3_firmware, Xeon_e5\-2680_v4_firmware, Xeon_e5\-2683_v3_firmware, Xeon_e5\-2683_v4_firmware, Xeon_e5\-2687w_firmware, Xeon_e5\-2687w_v2_firmware, Xeon_e5\-2687w_v3_firmware, Xeon_e5\-2687w_v4_firmware, Xeon_e5\-2690_firmware, Xeon_e5\-2690_v2_firmware, Xeon_e5\-2690_v3_firmware, Xeon_e5\-2690_v4_firmware, Xeon_e5\-2695_v2_firmware, Xeon_e5\-2695_v3_firmware, Xeon_e5\-2695_v4_firmware, Xeon_e5\-2697_v2_firmware, Xeon_e5\-2697_v3_firmware, Xeon_e5\-2697_v4_firmware, Xeon_e5\-2697a_v4_firmware, Xeon_e5\-2698_v3_firmware, Xeon_e5\-2698_v4_firmware, Xeon_e5\-2699_v3_firmware, Xeon_e5\-2699_v4_firmware, Xeon_e5\-2699a_v4_firmware, Xeon_e5\-2699r_v4_firmware, Xeon_e5\-4603_firmware, Xeon_e5\-4603_v2_firmware, Xeon_e5\-4607_firmware, Xeon_e5\-4607_v2_firmware, Xeon_e5\-4610_firmware, Xeon_e5\-4610_v2_firmware, Xeon_e5\-4610_v3_firmware, Xeon_e5\-4610_v4_firmware, Xeon_e5\-4617_firmware, Xeon_e5\-4620_firmware, Xeon_e5\-4620_v2_firmware, Xeon_e5\-4620_v3_firmware, Xeon_e5\-4620_v4_firmware, Xeon_e5\-4624l_v2_firmware, Xeon_e5\-4627_v2_firmware, Xeon_e5\-4627_v3_firmware, Xeon_e5\-4627_v4_firmware, Xeon_e5\-4628l_v4_firmware, Xeon_e5\-4640_firmware, Xeon_e5\-4640_v2_firmware, Xeon_e5\-4640_v3_firmware, Xeon_e5\-4640_v4_firmware, Xeon_e5\-4648_v3_firmware, Xeon_e5\-4650_firmware, Xeon_e5\-4650_v2_firmware, Xeon_e5\-4650_v3_firmware, Xeon_e5\-4650_v4_firmware, Xeon_e5\-4650l_firmware, Xeon_e5\-4655_v3_firmware, Xeon_e5\-4655_v4_firmware, Xeon_e5\-4657l_v2_firmware, Xeon_e5\-4660_v3_firmware, Xeon_e5\-4660_v4_firmware, Xeon_e5\-4667_v3_firmware, Xeon_e5\-4667_v4_firmware, Xeon_e5\-4669_v3_firmware, Xeon_e5\-4669_v4_firmware, Xeon_e7\-2850_v2_firmware, Xeon_e7\-2870_v2_firmware, Xeon_e7\-2880_v2_firmware, Xeon_e7\-2890_v2_firmware, Xeon_e7\-4809_v2_firmware, Xeon_e7\-4809_v3_firmware, Xeon_e7\-4809_v4_firmware, Xeon_e7\-4820_v2_firmware, Xeon_e7\-4820_v3_firmware, Xeon_e7\-4820_v4_firmware, Xeon_e7\-4830_v2_firmware, Xeon_e7\-4830_v3_firmware, Xeon_e7\-4830_v4_firmware, Xeon_e7\-4850_v2_firmware, Xeon_e7\-4850_v3_firmware, Xeon_e7\-4850_v4_firmware, Xeon_e7\-4860_v2_firmware, Xeon_e7\-4870_v2_firmware, Xeon_e7\-4880_v2_firmware, Xeon_e7\-4890_v2_firmware, Xeon_e7\-8850_v2_firmware, Xeon_e7\-8857_v2_firmware, Xeon_e7\-8860_v3_firmware, Xeon_e7\-8860_v4_firmware, Xeon_e7\-8867_v3_firmware, Xeon_e7\-8867_v4_firmware, Xeon_e7\-8870_v2_firmware, Xeon_e7\-8870_v3_firmware, Xeon_e7\-8870_v4_firmware, Xeon_e7\-8880_v2_firmware, Xeon_e7\-8880_v3_firmware, Xeon_e7\-8880_v4_firmware, Xeon_e7\-8880l_v2_firmware, Xeon_e7\-8880l_v3_firmware, Xeon_e7\-8890_v2_firmware, Xeon_e7\-8890_v3_firmware, Xeon_e7\-8890_v4_firmware, Xeon_e7\-8891_v2_firmware, Xeon_e7\-8891_v3_firmware, Xeon_e7\-8891_v4_firmware, Xeon_e7\-8893_v2_firmware, Xeon_e7\-8893_v3_firmware, Xeon_e7\-8893_v4_firmware, Xeon_e7\-8894_v4_firmware, Cloud_backup, Steelstore_cloud_integrated_storage
|
4.8
|
|
|
2019-09-16
|
CVE-2019-5481
|
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
|
Debian_linux, Fedora, Curl, Cloud_backup, Solidfire_baseboard_management_controller_firmware, Steelstore, Leap, Communications_operations_monitor, Communications_session_border_controller, Enterprise_manager_ops_center, Mysql_server, Oss_support_tools
|
9.8
|
|
|
2019-09-16
|
CVE-2019-5482
|
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
|
Debian_linux, Fedora, Curl, Cloud_backup, Oncommand_insight, Oncommand_unified_manager, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Leap, Communications_operations_monitor, Communications_session_border_controller, Enterprise_manager_ops_center, Http_server, Hyperion_essbase, Mysql_server, Oss_support_tools
|
9.8
|
|
|
2019-10-03
|
CVE-2019-15166
|
lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
|
Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Cloud_backup, Hci_management_node, Solidfire, Leap, Enterprise_linux, Tcpdump
|
7.5
|
|
|
2019-11-18
|
CVE-2019-19054
|
A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.
|
Brocade_fabric_operating_system_firmware, Ubuntu_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Aff_baseboard_management_controller, Cloud_backup, Data_availability_services, E\-Series_santricity_os_controller, Fas\/aff_baseboard_management_controller, Hci_baseboard_management_controller, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage, Leap
|
4.7
|
|
|
2019-11-18
|
CVE-2019-19057
|
Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.
|
Brocade_fabric_operating_system_firmware, Ubuntu_linux, Debian_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Aff_baseboard_management_controller, Cloud_backup, Data_availability_services, E\-Series_santricity_os_controller, Fas\/aff_baseboard_management_controller, Hci_baseboard_management_controller, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage, Leap
|
3.3
|
|
|
2019-11-18
|
CVE-2019-19063
|
Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.
|
Brocade_fabric_operating_system_firmware, Ubuntu_linux, Fedora, Linux_kernel, Active_iq_unified_manager, Aff_baseboard_management_controller, Cloud_backup, Data_availability_services, E\-Series_santricity_os_controller, Fas\/aff_baseboard_management_controller, Hci_baseboard_management_controller, Hci_compute_node_firmware, Solidfire\,_enterprise_sds_\&_hci_storage_node, Solidfire_\&_hci_management_node, Solidfire_baseboard_management_controller_firmware, Steelstore_cloud_integrated_storage, Leap, Sd\-Wan_edge
|
4.6
|
|
|