Total
10062 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0091 | 1 Theforeman | 1 Foreman | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Foreman has improper input validation which could lead to partial Denial of Service | |||||
| CVE-2019-8788 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1. Improper URL processing may lead to data exfiltration. | |||||
| CVE-2020-8095 | 1 Bitdefender | 1 Total Security 2020 | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. | |||||
| CVE-2020-0734 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0681. | |||||
| CVE-2019-9372 | 1 Google | 1 Android | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
| In libskia, there is a possible crash due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-132782448 | |||||
| CVE-2020-4212 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023. | |||||
| CVE-2020-6412 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-02-04 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2020-9034 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. | |||||
| CVE-2020-5856 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart. | |||||
| CVE-2020-0609 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610. | |||||
| CVE-2019-13524 | 1 Emerson | 18 Rx3i Cpe100, Rx3i Cpe100 Firmware, Rx3i Cpe115 and 15 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode. | |||||
| CVE-2015-2923 | 1 Freebsd | 1 Freebsd | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | |||||
| CVE-2013-0243 | 1 Haskell | 1 Hs-tls | 2024-02-04 | 5.8 MEDIUM | 7.4 HIGH |
| haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections | |||||
| CVE-2019-17426 | 1 Mongoosejs | 1 Mongoose | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Automattic Mongoose through 5.7.4 allows attackers to bypass access control (in some applications) because any query object with a _bsontype attribute is ignored. For example, adding "_bsontype":"a" can sometimes interfere with a query filter. NOTE: this CVE is about Mongoose's failure to work around this _bsontype special case that exists in older versions of the bson parser (aka the mongodb/js-bson project). | |||||
| CVE-2013-1816 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | |||||
| CVE-2019-9503 | 2 Broadcom, Redhat | 2 Brcmfmac Driver, Enterprise Linux | 2024-02-04 | 7.9 HIGH | 8.3 HIGH |
| The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. | |||||
| CVE-2019-14609 | 1 Intel | 38 Cd1iv128mk, Cd1iv128mk Firmware, Cd1m3128mk and 35 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0611 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 5.1 MEDIUM | 7.5 HIGH |
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | |||||
| CVE-2020-1872 | 1 Huawei | 2 P10 Plus, P10 Plus Firmware | 2024-02-04 | 2.1 LOW | 4.6 MEDIUM |
| Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E75R1P12T8), earlier than 9.1.0.252(C185E2R1P9T8), earlier than 9.1.0.252(C432E4R1P9T8), and earlier than 9.1.0.255(C576E6R1P8T8) have a digital balance bypass vulnerability. When re-configuring the mobile phone at the digital balance mode, an attacker can perform some operations to bypass the startup wizard, and then open some switch. As a result, the digital balance function is bypassed. | |||||
| CVE-2019-5874 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient filtering in URI schemes in Google Chrome on Windows prior to 77.0.3865.75 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||