Total
10067 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-5159 | 1 Wago | 1 E!cockpit | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of executing a firmware update, potentially resulting in code execution. An attacker can create a malicious firmware update package file using any zip utility. The user must initiate a firmware update through e!COCKPIT and choose the malicious wup file using the file browser to trigger the vulnerability. | |||||
CVE-2019-5858 | 2 Apple, Google | 2 Macos, Chrome | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page. | |||||
CVE-2013-4103 | 1 Cryptocat Project | 1 Cryptocat | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input | |||||
CVE-2012-3460 | 1 Redhat | 1 Enterprise Mrg | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
cumin: At installation postgresql database user created without password | |||||
CVE-2020-1843 | 1 Huawei | 10 Hege-560, Hege-560 Firmware, Osca-550 and 7 more | 2024-02-04 | 4.6 MEDIUM | 6.8 MEDIUM |
Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker to perform an illegal operation. | |||||
CVE-2010-3373 | 2 Debian, Grsecurity | 2 Debian Linux, Paxtest | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
paxtest handles temporary files insecurely | |||||
CVE-2013-4409 | 3 Fedoraproject, Redhat, Reviewboard | 4 Fedora, Enterprise Linux, Djblets and 1 more | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. | |||||
CVE-2019-5862 | 1 Google | 1 Chrome | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient data validation in AppCache in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
CVE-2018-11782 | 1 Apache | 1 Subversion | 2024-02-04 | 4.0 MEDIUM | 6.5 MEDIUM |
In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server. | |||||
CVE-2019-5211 | 1 Huawei | 2 P20, P20 Firmware | 2024-02-04 | 4.3 MEDIUM | 5.7 MEDIUM |
The Huawei Share function of P20 phones with versions earlier than Emily-L29C 9.1.0.311 has an improper file management vulnerability. The attacker tricks the victim into performing certain operations on the mobile phone during file transfer. Because the file is not properly processed, successful exploitation may cause some files on the victim's mobile phone to be deleted. | |||||
CVE-2011-2808 | 1 Google | 1 Blink | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed. | |||||
CVE-2010-3375 | 1 Qtparted Project | 1 Qtparted | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
qtparted has insecure library loading which may allow arbitrary code execution | |||||
CVE-2019-3416 | 1 Zte | 2 Zxv10 B860a, Zxv10 B860a Firmware | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
All versions up to V81511329.1008 of ZTE ZXV10 B860A products are impacted by input validation vulnerability. Due to input validation, unauthorized users can take advantage of this vulnerability to control the user terminal system. | |||||
CVE-2013-2093 | 1 Dolibarr | 1 Dolibarr | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
Dolibarr ERP/CRM 3.3.1 does not properly validate user input in viewimage.php and barcode.lib.php which allows remote attackers to execute arbitrary commands. | |||||
CVE-2011-1028 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file. | |||||
CVE-2018-11830 | 1 Qualcomm | 16 Mdm9206, Mdm9206 Firmware, Mdm9607 and 13 more | 2024-02-04 | 7.2 HIGH | 7.8 HIGH |
Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 410/12, SD 820A | |||||
CVE-2019-5285 | 1 Huawei | 28 S12700, S12700 Firmware, S1700 and 25 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
Some Huawei S series switches have a DoS vulnerability. An unauthenticated remote attacker can send crafted packets to the affected device to exploit this vulnerability. Due to insufficient verification of the packets, successful exploitation may cause the device to reboot and a denial of service (DoS) condition. (Vulnerability ID: HWPSIRT-2019-03109) | |||||
CVE-2019-5803 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2024-02-04 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
CVE-2019-9599 | 1 Airdroid | 1 Airdroid | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests. | |||||
CVE-2019-9832 | 1 Airdrop Project | 1 Airdrop | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
The AirDrop application through 2.0 for Android allows remote attackers to cause a denial of service via a client that makes many socket connections through a configured port. |