Total
10063 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3383 | 1 Cisco | 1 Data Center Network Manager | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to a lack of proper input validation of paths that are embedded within archive files. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to write arbitrary files in the system with the privileges of the logged-in user. | |||||
| CVE-2020-7821 | 2 Microsoft, Nexaweb | 3 Windows, Nexacro 14, Nexacro 17 | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC | |||||
| CVE-2020-3272 | 1 Cisco | 1 Prime Network Registrar | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. | |||||
| CVE-2016-11040 | 1 Google | 1 Android | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (June 2016). | |||||
| CVE-2017-18648 | 1 Google | 1 Android | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 (November 2017). | |||||
| CVE-2020-8187 | 1 Citrix | 4 Application Delivery Controller, Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. | |||||
| CVE-2020-0161 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127973550 | |||||
| CVE-2019-15709 | 1 Fortinet | 3 Fortiap-s, Fortiap-u, Fortiap-w2 | 2024-02-04 | 8.5 HIGH | 6.5 MEDIUM |
| An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. | |||||
| CVE-2020-9777 | 1 Apple | 2 Ipados, Iphone Os | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue existed in the selection of video file by Mail. The issue was fixed by selecting the latest version of a video. This issue is fixed in iOS 13.4 and iPadOS 13.4. Cropped videos may not be shared properly via Mail. | |||||
| CVE-2016-11067 | 1 Mattermost | 1 Mattermost Server | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang. | |||||
| CVE-2019-12520 | 3 Canonical, Debian, Squid-cache | 3 Ubuntu Linux, Debian Linux, Squid | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does this by making a MD5 hash of the absolute URL of the request. If found, it servers the request. The absolute URL can include the decoded UserInfo (username and password) for certain protocols. This decoded info is prepended to the domain. This allows an attacker to provide a username that has special characters to delimit the domain, and treat the rest of the URL as a path or query string. An attacker could first make a request to their domain using an encoded username, then when a request for the target domain comes in that decodes to the exact URL, it will serve the attacker's HTML instead of the real HTML. On Squid servers that also act as reverse proxies, this allows an attacker to gain access to features that only reverse proxies can use, such as ESI. | |||||
| CVE-2019-20485 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2024-02-04 | 2.7 LOW | 5.7 MEDIUM |
| qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | |||||
| CVE-2020-0162 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124526959 | |||||
| CVE-2020-3375 | 1 Cisco | 2 Ios Xe Sd-wan, Sd-wan | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access, make changes to the system that they are not authorized to make, and execute commands on an affected system with privileges of the root user. | |||||
| CVE-2020-6868 | 1 Zte | 2 F680, F680 Firmware | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6 | |||||
| CVE-2020-9468 | 1 Piwigo | 1 Piwigo | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Community plugin 2.9.e-beta for Piwigo allows users to set image information on images in albums for which they do not have permission, by manipulating the image_id parameter. | |||||
| CVE-2015-9545 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2024-02-04 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages. | |||||
| CVE-2020-0179 | 1 Google | 1 Android | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| In doSendObjectInfo of MtpServer.cpp, there is a possible path traversal attack due to insufficient input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is required for exploitation.Product: AndroidVersions: Android-10Android ID: A-130656917 | |||||
| CVE-2020-0645 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A tampering vulnerability exists when Microsoft IIS Server improperly handles malformed request headers, aka 'Microsoft IIS Server Tampering Vulnerability'. | |||||
| CVE-2020-7518 | 1 Schneider-electric | 1 Easergy Builder | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. | |||||