Total: 10067 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6401 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
CVE-2019-6654 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-02-04 | 3.3 LOW | 4.3 MEDIUM |
On versions 14.0.0-14.1.2, 13.0.0-13.1.3, 12.1.0-12.1.5, and 11.5.1-11.6.5, the BIG-IP system fails to perform Martian Address Filtering (As defined in RFC 1812 section 5.3.7) on the control plane (management interface). This may allow attackers on an adjacent system to force BIG-IP into processing packets with spoofed source addresses. | |||||
CVE-2019-17020 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Firefox | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72. | |||||
CVE-2019-14591 | 2 Intel, Netapp | 6 Graphics Driver, Cloud Backup, Data Availability Services and 3 more | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2019-3979 | 1 Mikrotik | 1 Routeros | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records. | |||||
CVE-2019-4655 | 1 Ibm | 2 Mq, Mq Appliance | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM MQ 9.1.0.0, 9.1.0.1, 9.1.0.2, 9.1.0.3, 9.1.1, 9.1.2, and 9.1.3 is vulnerable to a denial of service attack that would allow an authenticated user to reset client connections due to an error within the Data Conversion routine. IBM X-Force ID: 170966. | |||||
CVE-2019-3980 | 1 Solarwinds | 1 Dameware Mini Remote Control | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
The Solarwinds Dameware Mini Remote Client agent v12.1.0.89 supports smart card authentication which can allow a user to upload an executable to be executed on the DWRCS.exe host. An unauthenticated, remote attacker can request smart card login and upload and execute an arbitrary executable run under the Local System account. | |||||
CVE-2019-1470 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-04 | 4.0 MEDIUM | 6.0 MEDIUM |
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | |||||
CVE-2019-16026 | 1 Cisco | 4 Asr 5000, Asr 5500, Asr 5700 and 1 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition. | |||||
CVE-2013-2227 | 2 Debian, Glpi-project | 2 Debian Linux, Glpi | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
GLPI 0.83.7 has Local File Inclusion in common.tabs.php. | |||||
CVE-2013-4535 | 2 Qemu, Redhat | 6 Qemu, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2024-02-04 | 7.2 HIGH | 8.8 HIGH |
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read. | |||||
CVE-2020-6402 | 7 Apple, Debian, Fedoraproject and 4 more | 10 Macos, Debian Linux, Fedora and 7 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient policy enforcement in downloads in Google Chrome on OS X prior to 80.0.3987.87 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. | |||||
CVE-2015-2689 | 1 Torproject | 1 Tor | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | |||||
CVE-2019-17063 | 1 Snowtide | 1 Pdfxstream | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
In Snowtide PDFxStream before 3.7.1 (for Java), a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling. | |||||
CVE-2013-1751 | 1 Twiki | 1 Twiki | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters. | |||||
CVE-2020-7253 | 1 Mcafee | 1 Agent | 2024-02-04 | 2.1 LOW | 4.4 MEDIUM |
Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. | |||||
CVE-2020-0655 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-04 | 8.5 HIGH | 8.0 HIGH |
A remote code execution vulnerability exists in Remote Desktop Services – formerly known as Terminal Services – when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | |||||
CVE-2019-0050 | 1 Juniper | 2 Junos, Srx1500 | 2024-02-04 | 4.3 MEDIUM | 7.5 HIGH |
Under certain heavy traffic conditions srxpfe process can crash and result in a denial of service condition for the SRX1500 device. Repeated crashes of the srxpfe can result in an extended denial of service condition. The SRX device may fail to forward traffic when this condition occurs. Affected releases are Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D170 on SRX1500; 17.3 versions prior to 17.3R3-S7 on SRX1500; 17.4 versions prior to 17.4R2-S8, 17.4R3 on SRX1500; 18.1 versions prior to 18.1R3-S8 on SRX1500; 18.2 versions prior to 18.2R3 on SRX1500; 18.3 versions prior to 18.3R2 on SRX1500; 18.4 versions prior to 18.4R2 on SRX1500. | |||||
CVE-2019-19298 | 1 Siemens | 1 Sinvr/sivms Video Server | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains an input validation vulnerability that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests. | |||||
CVE-2010-2447 | 1 Gitolite | 1 Gitolite | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
gitolite before 1.4.1 does not filter src/ or hooks/ from path names. |