Total
10067 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20155 | 1 Determine | 1 Contract Lifecycle Management | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in report_edit.jsp in Determine (formerly Selectica) Contract Lifecycle Management (CLM) v5.4. Any authenticated user may execute Groovy code when generating a report, resulting in arbitrary code execution on the underlying server. | |||||
| CVE-2019-18247 | 1 Hitachienergy | 4 Relion 650, Relion 650 Firmware, Relion 670 and 1 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
| An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service. | |||||
| CVE-2020-9013 | 1 Arvato | 1 Skillpipe | 2024-02-04 | 4.0 MEDIUM | 4.3 MEDIUM |
| Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code. | |||||
| CVE-2019-10769 | 1 Safer-eval Project | 1 Safer-eval | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| safer-eval is a npm package to sandbox the he evaluation of code used within the eval function. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError. | |||||
| CVE-2011-0220 | 1 Apple | 1 Bonjour | 2024-02-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet. | |||||
| CVE-2018-21020 | 1 Centreon | 1 Centreon Web | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | |||||
| CVE-2019-17051 | 1 Evernote | 1 Evernote | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| Evernote before 7.13 GA on macOS allows code execution because the com.apple.quarantine attribute is not used for attachment files, as demonstrated by a one-click attack involving a drag-and-drop operation on a crafted Terminal file. | |||||
| CVE-2015-1855 | 3 Debian, Puppet, Ruby-lang | 5 Debian Linux, Puppet Agent, Puppet Enterprise and 2 more | 2024-02-04 | 4.3 MEDIUM | 5.9 MEDIUM |
| verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters. | |||||
| CVE-2020-8614 | 1 Askey | 2 Ap4000w, Ap4000w Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188. | |||||
| CVE-2019-15966 | 1 Cisco | 1 Telepresence Advanced Media Gateway | 2024-02-04 | 6.8 MEDIUM | 7.7 HIGH |
| A vulnerability in the web application of Cisco TelePresence Advanced Media Gateway could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation in the web application. An attacker could exploit this vulnerability by sending a crafted authenticated HTTP request to the device. An exploit could allow the attacker to stop services on an affected device. The device may become inoperable and results in a denial of service (DoS) condition. | |||||
| CVE-2014-5091 | 1 Status2k | 1 Status2k | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. | |||||
| CVE-2019-10495 | 1 Qualcomm | 72 Msm8909w, Msm8909w Firmware, Msm8996au and 69 more | 2024-02-04 | 4.6 MEDIUM | 7.3 HIGH |
| Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-1309 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-04 | 6.8 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0712, CVE-2019-1310, CVE-2019-1399. | |||||
| CVE-2019-13692 | 1 Google | 1 Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2019-19895 | 1 Ixpdata | 1 Easyinstall | 2024-02-04 | 4.6 MEDIUM | 7.8 HIGH |
| In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\[PACKAGE_CODE]\EveryLogon.bat, achieve this movement and execute code in the context of other users. | |||||
| CVE-2011-4967 | 2 Openpegasus, Redhat | 2 Tog-pegasus, Enterprise Linux | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| tog-Pegasus has a package hash collision DoS vulnerability | |||||
| CVE-2019-4560 | 1 Ibm | 1 Mq Appliance | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357. | |||||
| CVE-2019-19313 | 1 Gitlab | 1 Gitlab | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits. | |||||
| CVE-2019-1978 | 1 Cisco | 3 Firepower Management Center, Firepower Services Software For Asa, Firepower Threat Defense | 2024-02-04 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. | |||||
| CVE-2012-4524 | 2 Fedoraproject, Sillycycle | 2 Fedora, Xlockmore | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| xlockmore before 5.43 'dclock' security bypass vulnerability | |||||