Total
621 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11303 | 1 Qualcomm | 182 Apq8009, Apq8009 Firmware, Apq8053 and 179 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-10867 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled. | |||||
| CVE-2020-10581 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application. | |||||
| CVE-2020-10271 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS). | |||||
| CVE-2020-10238 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. | |||||
| CVE-2019-9475 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In /proc/net of the kernel filesystem, there is a possible information leak due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-9496886 | |||||
| CVE-2019-8934 | 2 Opensuse, Qemu | 2 Leap, Qemu | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| hw/ppc/spapr.c in QEMU through 3.1.0 allows Information Exposure because the hypervisor shares the /proc/device-tree/system-id and /proc/device-tree/model system attributes with a guest. | |||||
| CVE-2019-8779 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions. | |||||
| CVE-2019-8702 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A local user may be able to read a persistent account identifier. | |||||
| CVE-2019-8308 | 3 Debian, Flatpak, Redhat | 8 Debian Linux, Flatpak, Enterprise Linux Desktop and 5 more | 2024-11-21 | 4.4 MEDIUM | 8.2 HIGH |
| Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file. | |||||
| CVE-2019-4633 | 1 Ibm | 1 Security Secret Server | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server 10.7 could allow an attacker to obtain sensitive information due to an overly permissive CORS policy. IBM X-Force ID: 170007. | |||||
| CVE-2019-4306 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 specifies permissions for a security-critical resource which could lead to the exposure of sensitive information or the modification of that resource by unintended parties. IBM X-Force ID: 160986. | |||||
| CVE-2019-3682 | 1 Suse | 1 Caas Platform | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
| The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node. | |||||
| CVE-2019-3569 | 1 Facebook | 1 Hhvm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HHVM, when used with FastCGI, would bind by default to all available interfaces. This behavior could allow a malicious individual unintended direct access to the application, which could result in information disclosure. This issue affects versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, versions 3.30.5 and below, and all versions in the 4.0, 4.1, and 4.2 series. | |||||
| CVE-2019-20853 | 1 Mattermost | 1 Mattermost Packages | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem. | |||||
| CVE-2019-20149 | 1 Kind-of Project | 1 Kind-of | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result. | |||||
| CVE-2019-1848 | 1 Cisco | 1 Digital Network Architecture Center | 2024-11-21 | 4.8 MEDIUM | 9.3 CRITICAL |
| A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, adjacent attacker to bypass authentication and access critical internal services. The vulnerability is due to insufficient access restriction to ports necessary for system operation. An attacker could exploit this vulnerability by connecting an unauthorized network device to the subnet designated for cluster services. A successful exploit could allow an attacker to reach internal services that are not hardened for external access. | |||||
| CVE-2019-19015 | 1 Titanhq | 1 Webtitan | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in TitanHQ WebTitan before 5.18. The proxy service (which is typically exposed to all users) allows connections to the internal PostgreSQL database of the appliance. By connecting to the database through the proxy (without password authentication), an attacker is able to fully control the appliance database. Through this, several different paths exist to gain further access, or execute code. | |||||
| CVE-2019-18954 | 1 Netease | 1 Pomelo | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input. | |||||
| CVE-2019-16541 | 1 Jenkins | 1 Jira | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| Jenkins JIRA Plugin 3.0.10 and earlier does not declare the correct (folder) scope for per-folder Jira site definitions, allowing users to select and use credentials with System scope. | |||||