Total
10063 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15986 | 1 Cisco | 1 Unity Express | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco Unity Express could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. To exploit this vulnerability, an attacker would need valid administrator credentials. The vulnerability is due to improper input validation for certain CLI commands that are executed on a vulnerable system. An attacker could exploit this vulnerability by logging in to the system and sending crafted CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. | |||||
| CVE-2019-17347 | 1 Xen | 1 Xen | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels). | |||||
| CVE-2020-6638 | 1 Grin | 1 Grin | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Grin through 2.1.1 has Insufficient Validation. | |||||
| CVE-2019-18624 | 1 Opera | 1 Mini | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Opera Mini for Android allows attackers to bypass intended restrictions on .apk file download/installation via an RTLO (aka Right to Left Override) approach, as demonstrated by misinterpretation of malicious%E2%80%AEtxt.apk as maliciouskpa.txt. This affects 44.1.2254.142553, 44.1.2254.142659, and 44.1.2254.143214. | |||||
| CVE-2019-17210 | 1 Arm | 2 Mbed-mqtt, Mbed-os | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A denial-of-service issue was discovered in the MQTT library in Arm Mbed OS 2017-11-02. The function readMQTTLenString() is called by the function MQTTDeserialize_publish() to get the length and content of the MQTT topic name. In the function readMQTTLenString(), mqttstring->lenstring.len is a part of user input, which can be manipulated. An attacker can simply change it to a larger value to invalidate the if statement so that the statements inside the if statement are skipped, letting the value of mqttstring->lenstring.data default to zero. Later, curn is accessed, which points to mqttstring->lenstring.data. On an Arm Cortex-M chip, the value at address 0x0 is actually the initialization value for the MSP register. It is highly dependent on the actual firmware. Therefore, the behavior of the program is unpredictable from this time on. | |||||
| CVE-2019-16676 | 1 Plataformatec | 1 Simple Form | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. | |||||
| CVE-2019-16871 | 1 Beckhoff | 1 Twincat | 2024-02-04 | 9.3 HIGH | 9.8 CRITICAL |
| Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. | |||||
| CVE-2020-8125 | 1 Klona Project | 1 Klona | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona. | |||||
| CVE-2019-15915 | 1 Mi | 8 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 5 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, RTCGQ01LM devices. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. | |||||
| CVE-2019-1354 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387. | |||||
| CVE-2019-9398 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115745406 | |||||
| CVE-2019-1389 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-02-04 | 7.7 HIGH | 8.4 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398. | |||||
| CVE-2014-5289 | 1 Senkas Kolibri Project | 1 Senkas Kolibri | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | |||||
| CVE-2019-20396 | 1 Cesnet | 1 Libyang | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing. | |||||
| CVE-2019-12673 | 1 Cisco | 13 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5505 and 10 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the FTP inspection engine of Cisco Adaptive Security (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of FTP data. An attacker could exploit this vulnerability by sending malicious FTP traffic through an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | |||||
| CVE-2019-12689 | 1 Cisco | 1 Firepower Management Center | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device. | |||||
| CVE-2020-10236 | 1 Froxlor | 1 Froxlor | 2024-02-04 | 3.6 LOW | 6.1 MEDIUM |
| An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during installation if the installation directory was not writable. This allowed local attackers to cause DoS or disclose information out of the config files, because of _createUserdataConf in install/lib/class.FroxlorInstall.php. | |||||
| CVE-2020-6963 | 1 Gehealthcare | 12 Apexpro Telemetry Server, Apexpro Telemetry Server Firmware, Carescape Central Station Mai700 and 9 more | 2024-02-04 | 10.0 HIGH | 10.0 CRITICAL |
| In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-6411 | 1 Google | 1 Chrome | 2024-02-04 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2020-10101 | 1 Zammad | 1 Zammad | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process. | |||||