Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20631 | 1 Cybozu | 1 Office | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors. | |||||
CVE-2020-3577 | 1 Cisco | 1 Firepower Threat Defense | 2024-02-28 | 6.1 MEDIUM | 7.4 HIGH |
A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation when Ethernet frames are processed. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker do either of the following: Fill the /ngfw partition on the device: A full /ngfw partition could result in administrators being unable to log in to the device (including logging in through the console port) or the device being unable to boot up correctly. Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition. Cause a process crash: The process crash would cause the device to reload. No manual intervention is necessary to recover the device after the reload. | |||||
CVE-2020-9870 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code. | |||||
CVE-2020-13387 | 1 Pexip | 1 Pexip Infinity | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. | |||||
CVE-2019-15289 | 1 Cisco | 7 Roomos, Telepresence Collaboration Endpoint, Webex Board 55 and 4 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted traffic to the video service of an affected endpoint. A successful exploit could allow the attacker to cause the video service to crash, resulting in a DoS condition on an affected device. | |||||
CVE-2020-26409 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. | |||||
CVE-2021-20194 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Openshift Container Platform | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. | |||||
CVE-2021-20273 | 2 Debian, Privoxy | 2 Debian Linux, Privoxy | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in privoxy before 3.0.32. A crash can occur via a crafted CGI request if Privoxy is toggled off. | |||||
CVE-2020-11496 | 1 Sprecher-automation | 1 Sprecon-e | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device. | |||||
CVE-2021-0322 | 1 Google | 1 Android | 2024-02-28 | 1.9 LOW | 5.0 MEDIUM |
In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: Android; Versions: Android-10, Android-11, Android-9; Android ID: A-159145361. | |||||
CVE-2021-1060 | 7 Citrix, Linux, Microsoft and 4 more | 7 Hypervisor, Linux Kernel, Windows and 4 more | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
CVE-2020-15194 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1." | |||||
CVE-2020-3568 | 1 Cisco | 1 Asyncos | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. | |||||
CVE-2018-25002 | 1 Sunhater | 1 Kcfinder | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
uploader.php in the KCFinder integration project through 2018-06-01 for Drupal mishandles validation, aka SA-CONTRIB-2018-024. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
CVE-2020-15292 | 1 Bitdefender | 1 Hypervisor Introspection | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations. | |||||
CVE-2021-27179 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to crash the telnet daemon by sending a certain 0a 65 6e 61 62 6c 65 0a 02 0a 1a 0a string. | |||||
CVE-2020-15964 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-4790 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
IBM Security Identity Governance and Intelligence 5.2.6 could allow a user to cause a denial of service due to improperly validating a supplied URL, rendering the application unusuable. IBM X-Force ID: 189375. | |||||
CVE-2020-11194 | 1 Qualcomm | 458 Aqt1000, Aqt1000 Firmware, Ar8035 and 455 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
CVE-2020-6567 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |