Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5643 | 1 Cybozu | 1 Garoon | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector. | |||||
CVE-2020-27125 | 1 Cisco | 1 Security Manager | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. | |||||
CVE-2021-3176 | 1 Mitel | 1 Businesscti Enterprise | 2024-02-28 | 6.0 MEDIUM | 8.0 HIGH |
The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data. | |||||
CVE-2020-7849 | 2 Microsoft, Uprism | 2 Windows, Curix | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability of uPrism.io CURIX(Video conferecing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input(server domain) validation. An attacker could exploit this vulnerability through crafted URL. | |||||
CVE-2020-16015 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2021-25339 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-02-28 | 2.1 LOW | 5.2 MEDIUM |
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. | |||||
CVE-2021-1469 | 1 Cisco | 1 Jabber | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
CVE-2019-8573 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An input validation issue was addressed with improved input validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause a system denial of service. | |||||
CVE-2020-24615 | 1 Pexip | 1 Pexip Infinity | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. | |||||
CVE-2020-24388 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. | |||||
CVE-2020-25643 | 6 Debian, Linux, Netapp and 3 more | 7 Debian Linux, Linux Kernel, H410c and 4 more | 2024-02-28 | 7.5 HIGH | 7.2 HIGH |
A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2016-9023 | 1 Exponentcms | 1 Exponent Cms | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php. | |||||
CVE-2020-24649 | 1 Hp | 1 Intelligent Management Center | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2021-21506 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in its API handler. An un-authtenticated with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privileges escalation. | |||||
CVE-2020-3999 | 2 Apple, Vmware | 4 Mac Os X, Esxi, Fusion and 1 more | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition. | |||||
CVE-2018-16723 | 1 V-secure | 1 Jingyun Antivirus | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020. | |||||
CVE-2020-3390 | 1 Cisco | 7 Catalyst 9800-40, Catalyst 9800-80, Catalyst 9800-cl and 4 more | 2024-02-28 | 5.7 MEDIUM | 7.4 HIGH |
A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation of the information used to generate an SNMP trap in relation to a wireless client connection. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, causing a DoS condition. | |||||
CVE-2020-12385 | 1 Intel | 1 Graphics Drivers | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-25765 | 1 Westerndigital | 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input.in Western Digital My Cloud Devices prior to 5.4.1140. | |||||
CVE-2020-27253 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to specifically craft a malicious packet resulting in a denial-of-service condition on the device. |