Vulmon
cve-2019-2725 vulnerabilities and exploits
7.5
CVSSv2
CVE-2019-10910
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, when service ids allow user input, this could allow for SQL Injection and remote code execution. This is related to symfony/dependency-injection....
Sensiolabs Symfony
1 Github repository available
4.3
CVSSv2
CVE-2004-2725
Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c)...
Aztek Forum Aztek Forum 4.0
1 EDB exploit available
3.5
CVSSv2
CVE-2012-2725
classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML module 6.x-1.x before 6.x-1.1 for Drupal does not properly validate sources with the host white list, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site...
Authoring Html 6.x-1.0
5
CVSSv2
CVE-2019-9208
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences....
Wireshark Wireshark
Debian Debian Linux 9.0
5
CVSSv2
CVE-2019-9209
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values....
Wireshark Wireshark
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2019-9214
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation....
Wireshark Wireshark
Debian Debian Linux 9.0
5
CVSSv2
CVE-2018-20783
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to...
Php Php
Opensuse Leap 42.3
2 Github repositories available
5
CVSSv2
CVE-2019-5737
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection...
Nodejs Node.js
Opensuse Leap 42.3
3 Github repositories available
4.3
CVSSv2
CVE-2019-1559
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0...
Openssl Openssl
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Netapp Element Software -
Netapp Hyper Converged Infrastructure -
Netapp Oncommand Unified Manager -
Netapp Oncommand Workflow Automation -
Netapp Ontap Select Deploy -
Netapp Ontap Select Deploy Administration Utility -
Netapp Santricity Smi-s Provider -
Netapp Snapcenter -
Netapp Snapdrive -
Netapp Steelstore Cloud Integrated Storage -
Netapp Storage Automation Store -
Netapp Storagegrid -
Netapp Storagegrid
F5 Traffix Signaling Delivery Controller 4.4.0
F5 Traffix Signaling Delivery Controller
Tenable Nessus
Opensuse Leap 15.0
Opensuse Leap 42.3
2 Github repositories available
7.2
CVSSv2
CVE-2019-5518
VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1...
Vmware Fusion
Vmware Workstation
Vmware Esxi 6.0
Vmware Esxi 6.5
Vmware Esxi 6.7