Total
10063 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0694 | 1 Sugarcrm | 1 Sugarcrm | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2019-1398 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 7.7 HIGH | 8.4 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1397. | |||||
| CVE-2019-16893 | 1 Tp-link | 2 Tp-sg105e, Tp-sg105e Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| The Web Management of TP-Link TP-SG105E V4 1.0.0 Build 20181120 devices allows an unauthenticated attacker to reboot the device via a reboot.cgi request. | |||||
| CVE-2019-9352 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124253062 | |||||
| CVE-2011-4310 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles. | |||||
| CVE-2019-0147 | 1 Intel | 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2019-12433 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues. | |||||
| CVE-2014-9013 | 1 Wpmarketplace Project | 1 Wpmarketplace | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user. | |||||
| CVE-2005-4890 | 3 Debian, Redhat, Sudo Project | 4 Debian Linux, Shadow, Enterprise Linux and 1 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | |||||
| CVE-2013-0180 | 1 Redislabs | 1 Redis | 2024-02-04 | 3.6 LOW | 5.5 MEDIUM |
| Insecure temporary file vulnerability in Redis 2.6 related to /tmp/redis.ds. | |||||
| CVE-2019-0203 | 1 Apache | 1 Subversion | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands. This can lead to disruption for users of the server. | |||||
| CVE-2019-5852 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-5542 | 1 Vmware | 2 Fusion, Workstation | 2024-02-04 | 4.0 MEDIUM | 7.7 HIGH |
| VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain a denial-of-service vulnerability in the RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. | |||||
| CVE-2019-9371 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
| In libvpx, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132783254 | |||||
| CVE-2010-4660 | 1 Status | 1 Statusnet | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes.. | |||||
| CVE-2020-9264 | 1 Eset | 6 Cyber Security, Internet Security, Mobile Security and 3 more | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| ESET Archive Support Module before 1296 allows virus-detection bypass via a crafted Compression Information Field in a ZIP archive. This affects versions before 1294 of Smart Security Premium, Internet Security, NOD32 Antivirus, Cyber Security Pro (macOS), Cyber Security (macOS), Mobile Security for Android, Smart TV Security, and NOD32 Antivirus 4 for Linux Desktop. | |||||
| CVE-2020-7957 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages. | |||||
| CVE-2020-1828 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service. | |||||
| CVE-2019-13675 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page. | |||||
| CVE-2019-0067 | 1 Juniper | 1 Junos | 2024-02-04 | 6.1 MEDIUM | 6.5 MEDIUM |
| Receipt of a specific link-local IPv6 packet destined to the RE may cause the system to crash and restart (vmcore). By continuously sending a specially crafted IPv6 packet, an attacker can repeatedly crash the system causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R6-S2, 16.1R7; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3. This issue does not affect Juniper Networks Junos OS version 15.1 and prior versions. | |||||