Total
10060 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-1984 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows. | |||||
CVE-2020-1732 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Continuous Delivery, Openshift Application Runtimes and 1 more | 2024-02-04 | 4.9 MEDIUM | 4.2 MEDIUM |
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request. | |||||
CVE-2018-21055 | 2 Google, Qualcomm | 2 Android, Msm8996 | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018). | |||||
CVE-2020-3319 | 1 Cisco | 2 Webex Network Recording Player, Webex Player | 2024-02-04 | 4.3 MEDIUM | 3.3 LOW |
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3. | |||||
CVE-2017-18867 | 1 Netgear | 10 D6100, D6100 Firmware, D7800 and 7 more | 2024-02-04 | 4.6 MEDIUM | 6.8 MEDIUM |
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48. | |||||
CVE-2020-3648 | 1 Qualcomm | 2 Msm8909w, Msm8909w Firmware | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W | |||||
CVE-2017-18840 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2024-02-04 | 2.1 LOW | 6.2 MEDIUM |
Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
CVE-2019-20776 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019). | |||||
CVE-2020-10115 | 1 Cpanel | 1 Cpanel | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537). | |||||
CVE-2020-9343 | 2 Microsoft, Signotec | 2 Windows, Signopad-api\/web | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array. | |||||
CVE-2020-5859 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file. | |||||
CVE-2020-16142 | 1 Mercedes-benz | 2 C220, Comand | 2024-02-04 | 2.9 LOW | 3.5 LOW |
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software. | |||||
CVE-2020-13941 | 1 Apache | 1 Solr | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. | |||||
CVE-2020-3240 | 1 Cisco | 2 Ucs Director, Ucs Director Express For Big Data | 2024-02-04 | 8.5 HIGH | 7.3 HIGH |
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2020-13268 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1 | |||||
CVE-2020-1986 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows. | |||||
CVE-2020-9826 | 1 Apple | 3 Ipad Os, Iphone Os, Mac Os X | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service. | |||||
CVE-2020-10068 | 1 Zephyrproject | 1 Zephyr | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | |||||
CVE-2020-2166 | 1 Jenkins | 1 Pipeline\ | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
CVE-2020-11122 | 1 Qualcomm | 20 Apq8098, Apq8098 Firmware, Bitra and 17 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
u'Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8098, Bitra, Kamorta, SA6155P, Saipan, SM6150, SM7150, SM8150, SM8250, SXR2130 |