2019-01-02
|
CVE-2018-14718
|
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.
|
Debian_linux, Jackson\-Databind, Oncommand_workflow_automation, Snapcenter, Steelstore_cloud_integrated_storage, Banking_platform, Business_process_management_suite, Communications_billing_and_revenue_management, Communications_instant_messaging_server, Enterprise_manager_for_virtualization, Financial_services_analytical_applications_infrastructure, Global_lifecycle_management_opatch, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Jdeveloper, Nosql_database, Primavera_p6_enterprise_project_portfolio_management, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Retail_merchandising_system, Retail_workforce_management_software, Siebel_engineering_\-_installer_\&_deployment, Siebel_ui_framework, Webcenter_portal, Openshift_container_platform
|
9.8
|
|
|
2019-02-26
|
CVE-2009-5155
|
In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.
|
Glibc, Cloud_backup, Ontap_select_deploy_administration_utility, Steelstore_cloud_integrated_storage
|
7.5
|
|
|
2019-02-26
|
CVE-2018-20796
|
In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.
|
Glibc, Cloud_backup, Ontap_select_deploy_administration_utility, Steelstore_cloud_integrated_storage
|
7.5
|
|
|
2019-02-26
|
CVE-2019-9169
|
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
|
Ubuntu_linux, Glibc, Web_gateway, Cloud_backup, Ontap_select_deploy_administration_utility, Steelstore_cloud_integrated_storage
|
9.8
|
|
|
2019-02-27
|
CVE-2019-1559
|
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt...
|
Ubuntu_linux, Debian_linux, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_domain_name_system, Big\-Ip_edge_gateway, Big\-Ip_fraud_protection_service, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_webaccelerator, Big\-Iq_centralized_management, Traffix_signaling_delivery_controller, Fedora, Agent, Data_exchange_layer, Threat_intelligence_exchange_server, Web_gateway, A220_firmware, A320_firmware, A800_firmware, Active_iq_unified_manager, Altavault, C190_firmware, Cloud_backup, Clustered_data_ontap_antivirus_connector, Cn1610_firmware, Element_software, Fas2720_firmware, Fas2750_firmware, Hci_compute_node, Hci_management_node, Hyper_converged_infrastructure, Oncommand_insight, Oncommand_unified_manager, Oncommand_unified_manager_core_package, Oncommand_workflow_automation, Ontap_select_deploy, Ontap_select_deploy_administration_utility, Santricity_smi\-S_provider, Service_processor, Smi\-S_provider, Snapcenter, Snapdrive, Snapprotect, Solidfire, Steelstore_cloud_integrated_storage, Storage_automation_store, Storagegrid, Node\.js, Openssl, Leap, Api_gateway, Business_intelligence, Communications_diameter_signaling_router, Communications_performance_intelligence_center, Communications_session_border_controller, Communications_session_router, Communications_unified_session_manager, Endeca_server, Enterprise_manager_base_platform, Enterprise_manager_ops_center, Jd_edwards_enterpriseone_tools, Jd_edwards_world_security, Mysql, Mysql_enterprise_monitor, Mysql_workbench, Peoplesoft_enterprise_peopletools, Secure_global_desktop, Services_tools_bundle, Pan\-Os, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Jboss_enterprise_web_server, Virtualization, Virtualization_host, Nessus
|
5.9
|
|
|
2019-04-10
|
CVE-2019-11068
|
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
|
Ubuntu_linux, Debian_linux, Fedora, Active_iq_unified_manager, Cloud_backup, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_unified_manager, E\-Series_santricity_web_services_proxy, Element_software, Hci_management_node, Oncommand_insight, Oncommand_workflow_automation, Plug\-In_for_symantec_netbackup, Santricity_unified_manager, Snapmanager, Solidfire, Steelstore_cloud_integrated_storage, Leap, Jdk, Libxslt
|
9.8
|
|
|
2019-05-28
|
CVE-2019-5436
|
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
|
Debian_linux, Traffix_signaling_delivery_controller, Fedora, Libcurl, Hci_management_node, Solidfire, Steelstore_cloud_integrated_storage, Leap, Enterprise_manager_ops_center, Mysql_server, Oss_support_tools
|
7.8
|
|
|
2019-07-01
|
CVE-2019-13118
|
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
|
Icloud, Iphone_os, Itunes, Mac_os_x, Macos, Tvos, Ubuntu_linux, Fedora, Active_iq_unified_manager, Cloud_backup, Clustered_data_ontap, E\-Series_performance_analyzer, E\-Series_santricity_management_plug\-Ins, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Plug\-In_for_symantec_netbackup, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Leap, Jdk, Libxslt
|
5.3
|
|
|
2019-09-16
|
CVE-2019-11184
|
A race condition in specific microprocessors using Intel (R) DDIO cache allocation and RDMA may allow an authenticated user to potentially enable partial information disclosure via adjacent access.
|
3106_firmware, 4109t_firmware, 4110_firmware, 4114t_firmware, 4116_firmware, 4116t_firmware, 5118_firmware, 5119t_firmware, 5120t_firmware, 6126_firmware, 6126t_firmware, 6130_firmware, 6130t_firmware, 6138_firmware, Xeon_e5\-1428l_firmware, Xeon_e5\-1428l_v2_firmware, Xeon_e5\-1428l_v3_firmware, Xeon_e5\-1620_firmware, Xeon_e5\-1620_v2_firmware, Xeon_e5\-1620_v3_firmware, Xeon_e5\-1620_v4_firmware, Xeon_e5\-1630_v3_firmware, Xeon_e5\-1630_v4_firmware, Xeon_e5\-1650_firmware, Xeon_e5\-1650_v2_firmware, Xeon_e5\-1650_v3_firmware, Xeon_e5\-1650_v4_firmware, Xeon_e5\-1660_firmware, Xeon_e5\-1660_v2_firmware, Xeon_e5\-1660_v3_firmware, Xeon_e5\-1660_v4_firmware, Xeon_e5\-1680_v3_firmware, Xeon_e5\-1680_v4_firmware, Xeon_e5\-2403_firmware, Xeon_e5\-2403_v2_firmware, Xeon_e5\-2407_firmware, Xeon_e5\-2407_v2_firmware, Xeon_e5\-2408l_v3_firmware, Xeon_e5\-2418l_firmware, Xeon_e5\-2418l_v2_firmware, Xeon_e5\-2418l_v3_firmware, Xeon_e5\-2420_firmware, Xeon_e5\-2420_v2_firmware, Xeon_e5\-2428l_firmware, Xeon_e5\-2428l_v2_firmware, Xeon_e5\-2428l_v3_firmware, Xeon_e5\-2430_firmware, Xeon_e5\-2430_v2_firmware, Xeon_e5\-2430l_firmware, Xeon_e5\-2430l_v2_firmware, Xeon_e5\-2438l_v3_firmware, Xeon_e5\-2440_firmware, Xeon_e5\-2440_v2_firmware, Xeon_e5\-2448l_firmware, Xeon_e5\-2448l_v2_firmware, Xeon_e5\-2450_firmware, Xeon_e5\-2450_v2_firmware, Xeon_e5\-2450l_firmware, Xeon_e5\-2450l_v2_firmware, Xeon_e5\-2470_firmware, Xeon_e5\-2470_v2_firmware, Xeon_e5\-2603_firmware, Xeon_e5\-2603_v2_firmware, Xeon_e5\-2603_v3_firmware, Xeon_e5\-2603_v4_firmware, Xeon_e5\-2608l_v3_firmware, Xeon_e5\-2608l_v4_firmware, Xeon_e5\-2609_firmware, Xeon_e5\-2609_v2_firmware, Xeon_e5\-2609_v3_firmware, Xeon_e5\-2609_v4_firmware, Xeon_e5\-2618l_v2_firmware, Xeon_e5\-2618l_v3_firmware, Xeon_e5\-2618l_v4_firmware, Xeon_e5\-2620_firmware, Xeon_e5\-2620_v2_firmware, Xeon_e5\-2620_v3_firmware, Xeon_e5\-2620_v4_firmware, Xeon_e5\-2623_v3_firmware, Xeon_e5\-2623_v4_firmware, Xeon_e5\-2628l_v2_firmware, Xeon_e5\-2628l_v3_firmware, Xeon_e5\-2628l_v4_firmware, Xeon_e5\-2630_firmware, Xeon_e5\-2630_v2_firmware, Xeon_e5\-2630_v3_firmware, Xeon_e5\-2630_v4_firmware, Xeon_e5\-2630l_firmware, Xeon_e5\-2630l_v2_firmware, Xeon_e5\-2630l_v3_firmware, Xeon_e5\-2630l_v4_firmware, Xeon_e5\-2637_firmware, Xeon_e5\-2637_v2_firmware, Xeon_e5\-2637_v3_firmware, Xeon_e5\-2637_v4_firmware, Xeon_e5\-2640_firmware, Xeon_e5\-2640_v2_firmware, Xeon_e5\-2640_v3_firmware, Xeon_e5\-2640_v4_firmware, Xeon_e5\-2643_firmware, Xeon_e5\-2643_v2_firmware, Xeon_e5\-2643_v3_firmware, Xeon_e5\-2643_v4_firmware, Xeon_e5\-2648l_firmware, Xeon_e5\-2648l_v2_firmware, Xeon_e5\-2648l_v3_firmware, Xeon_e5\-2648l_v4_firmware, Xeon_e5\-2650_firmware, Xeon_e5\-2650_v2_firmware, Xeon_e5\-2650_v3_firmware, Xeon_e5\-2650_v4_firmware, Xeon_e5\-2650l_firmware, Xeon_e5\-2650l_v2_firmware, Xeon_e5\-2650l_v3_firmware, Xeon_e5\-2650l_v4_firmware, Xeon_e5\-2658_firmware, Xeon_e5\-2658_v2_firmware, Xeon_e5\-2658_v3_firmware, Xeon_e5\-2658_v4_firmware, Xeon_e5\-2658a_v3_firmware, Xeon_e5\-2660_firmware, Xeon_e5\-2660_v2_firmware, Xeon_e5\-2660_v3_firmware, Xeon_e5\-2660_v4_firmware, Xeon_e5\-2665_firmware, Xeon_e5\-2667_firmware, Xeon_e5\-2667_v2_firmware, Xeon_e5\-2667_v3_firmware, Xeon_e5\-2667_v4_firmware, Xeon_e5\-2670_firmware, Xeon_e5\-2670_v2_firmware, Xeon_e5\-2670_v3_firmware, Xeon_e5\-2680_firmware, Xeon_e5\-2680_v2_firmware, Xeon_e5\-2680_v3_firmware, Xeon_e5\-2680_v4_firmware, Xeon_e5\-2683_v3_firmware, Xeon_e5\-2683_v4_firmware, Xeon_e5\-2687w_firmware, Xeon_e5\-2687w_v2_firmware, Xeon_e5\-2687w_v3_firmware, Xeon_e5\-2687w_v4_firmware, Xeon_e5\-2690_firmware, Xeon_e5\-2690_v2_firmware, Xeon_e5\-2690_v3_firmware, Xeon_e5\-2690_v4_firmware, Xeon_e5\-2695_v2_firmware, Xeon_e5\-2695_v3_firmware, Xeon_e5\-2695_v4_firmware, Xeon_e5\-2697_v2_firmware, Xeon_e5\-2697_v3_firmware, Xeon_e5\-2697_v4_firmware, Xeon_e5\-2697a_v4_firmware, Xeon_e5\-2698_v3_firmware, Xeon_e5\-2698_v4_firmware, Xeon_e5\-2699_v3_firmware, Xeon_e5\-2699_v4_firmware, Xeon_e5\-2699a_v4_firmware, Xeon_e5\-2699r_v4_firmware, Xeon_e5\-4603_firmware, Xeon_e5\-4603_v2_firmware, Xeon_e5\-4607_firmware, Xeon_e5\-4607_v2_firmware, Xeon_e5\-4610_firmware, Xeon_e5\-4610_v2_firmware, Xeon_e5\-4610_v3_firmware, Xeon_e5\-4610_v4_firmware, Xeon_e5\-4617_firmware, Xeon_e5\-4620_firmware, Xeon_e5\-4620_v2_firmware, Xeon_e5\-4620_v3_firmware, Xeon_e5\-4620_v4_firmware, Xeon_e5\-4624l_v2_firmware, Xeon_e5\-4627_v2_firmware, Xeon_e5\-4627_v3_firmware, Xeon_e5\-4627_v4_firmware, Xeon_e5\-4628l_v4_firmware, Xeon_e5\-4640_firmware, Xeon_e5\-4640_v2_firmware, Xeon_e5\-4640_v3_firmware, Xeon_e5\-4640_v4_firmware, Xeon_e5\-4648_v3_firmware, Xeon_e5\-4650_firmware, Xeon_e5\-4650_v2_firmware, Xeon_e5\-4650_v3_firmware, Xeon_e5\-4650_v4_firmware, Xeon_e5\-4650l_firmware, Xeon_e5\-4655_v3_firmware, Xeon_e5\-4655_v4_firmware, Xeon_e5\-4657l_v2_firmware, Xeon_e5\-4660_v3_firmware, Xeon_e5\-4660_v4_firmware, Xeon_e5\-4667_v3_firmware, Xeon_e5\-4667_v4_firmware, Xeon_e5\-4669_v3_firmware, Xeon_e5\-4669_v4_firmware, Xeon_e7\-2850_v2_firmware, Xeon_e7\-2870_v2_firmware, Xeon_e7\-2880_v2_firmware, Xeon_e7\-2890_v2_firmware, Xeon_e7\-4809_v2_firmware, Xeon_e7\-4809_v3_firmware, Xeon_e7\-4809_v4_firmware, Xeon_e7\-4820_v2_firmware, Xeon_e7\-4820_v3_firmware, Xeon_e7\-4820_v4_firmware, Xeon_e7\-4830_v2_firmware, Xeon_e7\-4830_v3_firmware, Xeon_e7\-4830_v4_firmware, Xeon_e7\-4850_v2_firmware, Xeon_e7\-4850_v3_firmware, Xeon_e7\-4850_v4_firmware, Xeon_e7\-4860_v2_firmware, Xeon_e7\-4870_v2_firmware, Xeon_e7\-4880_v2_firmware, Xeon_e7\-4890_v2_firmware, Xeon_e7\-8850_v2_firmware, Xeon_e7\-8857_v2_firmware, Xeon_e7\-8860_v3_firmware, Xeon_e7\-8860_v4_firmware, Xeon_e7\-8867_v3_firmware, Xeon_e7\-8867_v4_firmware, Xeon_e7\-8870_v2_firmware, Xeon_e7\-8870_v3_firmware, Xeon_e7\-8870_v4_firmware, Xeon_e7\-8880_v2_firmware, Xeon_e7\-8880_v3_firmware, Xeon_e7\-8880_v4_firmware, Xeon_e7\-8880l_v2_firmware, Xeon_e7\-8880l_v3_firmware, Xeon_e7\-8890_v2_firmware, Xeon_e7\-8890_v3_firmware, Xeon_e7\-8890_v4_firmware, Xeon_e7\-8891_v2_firmware, Xeon_e7\-8891_v3_firmware, Xeon_e7\-8891_v4_firmware, Xeon_e7\-8893_v2_firmware, Xeon_e7\-8893_v3_firmware, Xeon_e7\-8893_v4_firmware, Xeon_e7\-8894_v4_firmware, Cloud_backup, Steelstore_cloud_integrated_storage
|
4.8
|
|
|
2019-09-09
|
CVE-2019-16168
|
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
|
Ubuntu_linux, Debian_linux, Fedora, Policy_auditor, Active_iq_unified_manager, E\-Series_santricity_os_controller, Oncommand_insight, Oncommand_workflow_automation, Ontap_select_deploy_administration_utility, Santricity_unified_manager, Steelstore_cloud_integrated_storage, Communications_design_studio, Jdk, Jre, Mysql, Outside_in_technology, Solaris, Zfs_storage_appliance, Sqlite, Nessus_agent
|
6.5
|
|
|