Total
10067 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9379 | 1 Google | 1 Android | 2024-02-04 | 7.1 HIGH | 6.5 MEDIUM |
In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-124329638 | |||||
CVE-2019-9397 | 1 Google | 1 Android | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-115747410 | |||||
CVE-2018-1002104 | 1 Kubernetes | 1 Nginx Ingress Controller | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. | |||||
CVE-2019-4715 | 1 Ibm | 1 Spectrum Scale | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172093. | |||||
CVE-2013-5106 | 1 Python-mode Project | 1 Python-mode | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
A Code Execution vulnerability exists in select.py when using python-mode 2012-12-19. | |||||
CVE-2019-16722 | 1 Zzzcms | 1 Zzzphp | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | |||||
CVE-2010-1678 | 1 Osgeo | 1 Mapserver | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Mapserver 5.2, 5.4 and 5.6 before 5.6.5-2 improperly validates symbol index values during Mapfile parsing. | |||||
CVE-2009-5050 | 1 Konversation | 1 Konversation | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
konversation before 1.2.3 allows attackers to cause a denial of service. | |||||
CVE-2019-9433 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-80479354 | |||||
CVE-2019-11175 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
CVE-2020-1860 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
NIP6800; Secospace USG6600; USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability. Attackers who can access the internal network can exploit this vulnerability with careful deployment. A successful exploit may cause the access control to be bypassed, and attackers can directly access the Internet. | |||||
CVE-2019-2195 | 1 Google | 1 Android | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139186193 | |||||
CVE-2020-3166 | 1 Cisco | 19 Adaptive Security Appliance Software, Firepower 1010, Firepower 1120 and 16 more | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS. | |||||
CVE-2020-6191 | 1 Sap | 1 Landscape Management | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | |||||
CVE-2019-8637 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to gain root privileges. | |||||
CVE-2019-10538 | 1 Qualcomm | 54 Msm8909w, Msm8909w Firmware, Msm8996au and 51 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24 | |||||
CVE-2020-8132 | 1 Pdf-image Project | 1 Pdf-image | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. | |||||
CVE-2010-2490 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
Mumble: murmur-server has DoS due to malformed client query | |||||
CVE-2015-3150 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-02-04 | 7.2 HIGH | 7.1 HIGH |
abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. | |||||
CVE-2019-12290 | 1 Gnu | 1 Libidn2 | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated. |