Total
11765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11289 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash. | |||||
| CVE-2019-11255 | 2 Kubernetes, Redhat | 4 External-provisioner, External-resizer, External-snapshotter and 1 more | 2024-11-21 | 5.5 MEDIUM | 4.8 MEDIUM |
| Improper input validation in Kubernetes CSI sidecar containers for external-provisioner (<v0.4.3, <v1.0.2, v1.1, <v1.2.2, <v1.3.1), external-snapshotter (<v0.4.2, <v1.0.2, v1.1, <1.2.2), and external-resizer (v0.1, v0.2) could result in unauthorized PersistentVolume data access or volume mutation during snapshot, restore from snapshot, cloning and resizing operations. | |||||
| CVE-2019-11253 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility. | |||||
| CVE-2019-11247 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift Container Platform | 2024-11-21 | 6.5 MEDIUM | 8.1 HIGH |
| The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. | |||||
| CVE-2019-11228 | 1 Gitea | 1 Gitea | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. | |||||
| CVE-2019-11218 | 1 Bonobogitserver | 1 Bonobo Git Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Improper handling of extra parameters in the AccountController (User Profile edit) in Jakub Chodounsky Bonobo Git Server before 6.5.0 allows authenticated users to gain application administrator privileges via additional form parameter submissions. | |||||
| CVE-2019-11180 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2019-11179 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2019-11175 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2019-11140 | 1 Intel | 8 Compute Card Cd1iv128mk, Compute Card Firmware, Compute Stick Firmware and 5 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-11137 | 2 Hpe, Intel | 568 Apollo 4200 Gen10 Server, Apollo 4200 Gen10 Server Firmware, Apollo 4200 Gen9 Server and 565 more | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
| Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-11128 | 1 Intel | 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-11125 | 1 Intel | 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-11123 | 1 Intel | 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-11114 | 1 Intel | 1 Driver \& Support Assistant | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2019-11108 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-11107 | 1 Intel | 1 Active Management Technology Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2019-11104 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-11103 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-11102 | 1 Intel | 2 Dynamic Application Loader, Trusted Execution Engine Firmware | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. | |||||