Total
10063 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2271 | 2 Huawei, Wps | 3 P2-6011, P2-6011 Firmware, Wps Office | 2024-02-04 | 6.8 MEDIUM | 8.1 HIGH |
| cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. | |||||
| CVE-2020-0647 | 1 Microsoft | 1 Office Online Server | 2024-02-04 | 5.8 MEDIUM | 5.4 MEDIUM |
| A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. | |||||
| CVE-2013-1811 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | |||||
| CVE-2019-11137 | 2 Hpe, Intel | 568 Apollo 4200 Gen10 Server, Apollo 4200 Gen10 Server Firmware, Apollo 4200 Gen9 Server and 565 more | 2024-02-04 | 4.6 MEDIUM | 8.2 HIGH |
| Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-18939 | 2 Eq-3, Hm-print Project | 5 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 2 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the HM-Print AddOn through 1.2a installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi and exec1.cgi scripts, which execute TCL script content from an HTTP POST request. | |||||
| CVE-2012-6135 | 2 Phusion, Redhat | 2 Passenger, Openshift | 2024-02-04 | 6.4 MEDIUM | 7.5 HIGH |
| RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | |||||
| CVE-2016-1000104 | 2 Apache, Opensuse | 3 Mod Fcgid, Leap, Opensuse | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| A security Bypass vulnerability exists in the FcgidPassHeader Proxy in mod_fcgid through 2016-07-07. | |||||
| CVE-2019-16656 | 1 Joyplus Project | 1 Joyplus | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database. | |||||
| CVE-2013-2259 | 1 Cryptocat Project | 1 Cryptocat | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview | |||||
| CVE-2019-15288 | 1 Cisco | 3 Roomos, Telepresence Codec, Telepresence Collaboration Endpoint | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device. | |||||
| CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | |||||
| CVE-2019-17191 | 1 Signal | 1 Private Messenger | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block eavesdropping. | |||||
| CVE-2011-0529 | 2 Debian, Weborf Project | 2 Debian Linux, Weborf | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP. | |||||
| CVE-2019-10786 | 1 Network-manager Project | 1 Network-manager | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the "execSync()" argument. | |||||
| CVE-2020-2109 | 1 Jenkins | 1 Pipeline\ | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. | |||||
| CVE-2019-8654 | 1 Apple | 1 Safari | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing. | |||||
| CVE-2019-15912 | 1 Asus | 14 As-101, As-101 Firmware, Dl-101 and 11 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks. | |||||
| CVE-2020-0661 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 5.5 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0751. | |||||
| CVE-2019-17420 | 2 Oisf, Suricata-ids | 2 Libhtp, Suricata | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| In OISF LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products, an HTTP protocol parsing error causes the http_header signature to not alert on a response with a single \r\n ending. | |||||
| CVE-2013-1607 | 1 Pdfkit Project | 1 Pdfkit | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Ruby PDFKit gem prior to 0.5.3 has a Code Execution Vulnerability | |||||