Total
10063 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-5864 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | |||||
| CVE-2019-15624 | 3 Nextcloud, Opensuse, Suse | 3 Nextcloud Server, Backports, Suse Linux Enterprise Server | 2024-02-04 | 4.0 MEDIUM | 4.9 MEDIUM |
| Improper Input Validation in Nextcloud Server 15.0.7 allows group admins to create users with IDs of system folders. | |||||
| CVE-2013-7171 | 1 Slackware | 1 Slackware Linux | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| Slackware 14.0 and 14.1, and Slackware LLVM 3.0-i486-2 and 3.3-i486-2, contain world-writable permissions on the /tmp directory which could allow remote attackers to execute arbitrary code with root privileges. | |||||
| CVE-2019-12657 | 1 Cisco | 118 4321 Integrated Services Router, 4331 Integrated Services Router, 4351 Integrated Services Router and 115 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in Unified Threat Defense (UTD) in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper validation of IPv6 packets through the UTD feature. An attacker could exploit this vulnerability by sending IPv6 traffic through an affected device that is configured with UTD. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2019-17532 | 1 Belkin | 2 Wemo Switch 28b, Wemo Switch 28b Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs. | |||||
| CVE-2019-4640 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046. | |||||
| CVE-2019-9283 | 1 Google | 1 Android | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112663564 | |||||
| CVE-2020-8517 | 3 Canonical, Opensuse, Squid-cache | 3 Ubuntu Linux, Leap, Squid | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. | |||||
| CVE-2013-4245 | 2 Debian, Gnome | 2 Debian Linux, Orca | 2024-02-04 | 4.4 MEDIUM | 7.3 HIGH |
| Orca has arbitrary code execution due to insecure Python module load | |||||
| CVE-2014-2304 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures. | |||||
| CVE-2019-20041 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript: substring. | |||||
| CVE-2012-6125 | 1 Call-cc | 1 Chicken | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. | |||||
| CVE-2019-9395 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116267405 | |||||
| CVE-2012-3409 | 2 Debian, Ecryptfs | 2 Debian Linux, Ecryptfs-utils | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation | |||||
| CVE-2019-12694 | 1 Cisco | 1 Firepower Threat Defense | 2024-02-04 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the command line interface (CLI) of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker with administrative privileges to execute commands on the underlying operating system with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a specific CLI command that includes crafted arguments. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. | |||||
| CVE-2011-2922 | 1 Ktsuss Project | 1 Ktsuss | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
| ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code. | |||||
| CVE-2019-8665 | 1 Apple | 2 Iphone Os, Watchos | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, watchOS 5.3. A remote attacker may cause an unexpected application termination. | |||||
| CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| mono 2.10.x ASP.NET Web Form Hash collision DoS | |||||
| CVE-2019-11180 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2019-18386 | 1 Unisys | 1 Mcp Firmware | 2024-02-04 | 5.8 MEDIUM | 8.7 HIGH |
| Systems management on Unisys ClearPath Forward Libra and ClearPath MCP Software Series can fault and have other unspecified impact when receiving specifically crafted message payloads over a systems management communication channel | |||||