Total
10067 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0084 | 1 Redhat | 1 Openshift Origin | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
| Ruby gem openshift-origin-node before 2014-02-14 does not contain a cronjob timeout which could result in a denial of service in cron.daily and cron.weekly. | |||||
| CVE-2019-17042 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow. | |||||
| CVE-2019-17002 | 1 Mozilla | 1 Firefox | 2024-02-04 | 4.3 MEDIUM | 4.3 MEDIUM |
| If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70. | |||||
| CVE-2013-3738 | 1 Zabbix | 1 Zabbix | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2019-19396 | 1 Omniosce | 1 Omnios | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences. | |||||
| CVE-2019-1352 | 1 Microsoft | 2 Visual Studio 2017, Visual Studio 2019 | 2024-02-04 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387. | |||||
| CVE-2020-6756 | 1 Rasilient | 2 Pixelstor 5000, Pixelstor 5000 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (KDI Version) allows unauthenticated attackers to remotely execute code via the lang parameter. | |||||
| CVE-2019-8817 | 1 Apple | 1 Mac Os X | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.1. An application may be able to read restricted memory. | |||||
| CVE-2019-18937 | 2 Eq-3, Scriptparser Project | 5 Homematic Ccu2, Homematic Ccu2 Firmware, Homematic Ccu3 and 2 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser AddOn through 1.8 installed allow Remote Code Execution by unauthenticated attackers with access to the web interface via the exec.cgi script, which executes TCL script content from an HTTP POST request. | |||||
| CVE-2019-19899 | 1 Pebbletemplates | 1 Pebble Templates | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| Pebble Templates 3.1.2 allows attackers to bypass a protection mechanism (intended to block access to instances of java.lang.Class) because getClass is accessible via the public static java.lang.Class java.lang.Class.forName(java.lang.Module,java.lang.String) signature. | |||||
| CVE-2014-1935 | 2 9base Project, Debian | 2 9base, Debian Linux | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| 9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames. | |||||
| CVE-2019-19459 | 1 Saltosystem | 1 Proaccess Space | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server. | |||||
| CVE-2019-17273 | 1 Netapp | 1 E-series Santricity Os Controller | 2024-02-04 | 3.3 LOW | 6.5 MEDIUM |
| E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments. | |||||
| CVE-2013-4100 | 1 Cryptocat Project | 1 Cryptocat | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Cryptocat before 2.0.22 has Remote Denial of Service via username | |||||
| CVE-2014-1937 | 1 Gamera Project | 1 Gamera | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Gamera before 3.4.1 insecurely creates temporary files. | |||||
| CVE-2019-12663 | 1 Cisco | 49 Catalyst 9300-24p-a, Catalyst 9300-24p-e, Catalyst 9300-24s-a and 46 more | 2024-02-04 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the Cisco TrustSec (CTS) Protected Access Credential (PAC) provisioning module of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of attributes in RADIUS messages. An attacker could exploit this vulnerability by sending a malicious RADIUS message to an affected device while the device is in a specific state. | |||||
| CVE-2019-5260 | 1 Huawei | 4 View 20, View 20 Firmware, Y9 2019 and 1 more | 2024-02-04 | 6.1 MEDIUM | 6.5 MEDIUM |
| Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot. | |||||
| CVE-2019-0131 | 1 Intel | 1 Active Management Technology Firmware | 2024-02-04 | 4.8 MEDIUM | 8.1 HIGH |
| Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. | |||||
| CVE-2020-0612 | 1 Microsoft | 2 Windows Server 2016, Windows Server 2019 | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'. | |||||
| CVE-2012-4438 | 1 Jenkins | 1 Jenkins | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code. | |||||