Export limit exceeded: 24625 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24625 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-11268 | 1 Pivotal Software | 1 Cloud Foundry Uaa-release | 2024-11-21 | 4.3 Medium |
| Cloud Foundry UAA version prior to 73.3.0, contain endpoints that contains improper escaping. An authenticated malicious user with basic read privileges for one identity zone can extend those reading privileges to all other identity zones and obtain private information on users, clients, and groups in all other identity zones. | ||||
| CVE-2019-11255 | 2 Kubernetes, Redhat | 5 External-provisioner, External-resizer, External-snapshotter and 2 more | 2024-11-21 | 4.8 Medium |
| Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. | ||||
| CVE-2019-11252 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-11-21 | 5.9 Medium |
| The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes. | ||||
| CVE-2019-11247 | 2 Kubernetes, Redhat | 3 Kubernetes, Openshift, Openshift Container Platform | 2024-11-21 | 8.1 High |
| The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. | ||||
| CVE-2019-11243 | 2 Kubernetes, Netapp | 2 Kubernetes, Trident | 2024-11-21 | 8.1 High |
| In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig() | ||||
| CVE-2019-11233 | 1 Eic | 1 Biyan | 2024-11-21 | N/A |
| EXCELLENT INFOTEK BiYan v1.57 ~ v2.8 allows an attacker to leak user information without being authenticated, by sending a LOGIN_ID element to the auth/main/asp/check_user_login_info.aspx URI, and then reading the response, as demonstrated by the KW_EMAIL or KW_TEL field. | ||||
| CVE-2019-11228 | 1 Gitea | 1 Gitea | 2024-11-21 | N/A |
| repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. | ||||
| CVE-2019-11218 | 1 Bonobogitserver | 1 Bonobo Git Server | 2024-11-21 | N/A |
| Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions. | ||||
| CVE-2019-11180 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 7.5 High |
| Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2019-11179 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 6.5 Medium |
| Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2019-11175 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 7.5 High |
| Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2019-11140 | 1 Intel | 8 Compute Card Cd1iv128mk, Compute Card Firmware, Compute Stick Firmware and 5 more | 2024-11-21 | N/A |
| Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | ||||
| CVE-2019-11137 | 2 Hpe, Intel | 568 Apollo 4200 Gen10 Server, Apollo 4200 Gen10 Server Firmware, Apollo 4200 Gen9 Server and 565 more | 2024-11-21 | 8.2 High |
| Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | ||||
| CVE-2019-11135 | 9 Canonical, Debian, Fedoraproject and 6 more | 312 Ubuntu Linux, Debian Linux, Fedora and 309 more | 2024-11-21 | 6.5 Medium |
| TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. | ||||
| CVE-2019-11128 | 1 Intel | 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more | 2024-11-21 | N/A |
| Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | ||||
| CVE-2019-11125 | 1 Intel | 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more | 2024-11-21 | N/A |
| Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | ||||
| CVE-2019-11123 | 1 Intel | 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more | 2024-11-21 | N/A |
| Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | ||||
| CVE-2019-11114 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | N/A |
| Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2019-11108 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-11-21 | 6.7 Medium |
| Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-11107 | 1 Intel | 1 Active Management Technology Firmware | 2024-11-21 | 9.8 Critical |
| Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||