Total: 9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-8184 | 3 Canonical, Debian, Rack Project | 3 Ubuntu Linux, Debian Linux, Rack | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it possible for an attacker to forge a secure or host-only cookie prefix. | |||||
CVE-2020-3215 | 1 Cisco | 1 Ios Xe | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
A vulnerability in the Virtual Services Container of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device. The vulnerability is due to insufficient validation of a user-supplied open virtual appliance (OVA). An attacker could exploit this vulnerability by installing a malicious OVA on an affected device. | |||||
CVE-2020-0353 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In libmp4extractor, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-124777526 | |||||
CVE-2020-6333 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
SAP 3D Visual Enterprise Viewer, version 9, allows a user to open a manipulated 3DM file received from untrusted sources, which crashes the application and leaves it temporarily unavailable until the user restarts it. The cause is improper input validation. | |||||
CVE-2020-12066 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. | |||||
CVE-2020-13594 | 1 Espressif | 2 Esp-idf, Esp32 | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | |||||
CVE-2020-0192 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-144687080 | |||||
CVE-2020-0596 | 1 Intel | 2 Active Management Technology Firmware, Service Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
CVE-2020-15704 | 1 Canonical | 2 Ppp, Ubuntu Linux | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The modprobe child process in the ./debian/patches/load_ppp_generic_if_needed patch file incorrectly handled module loading. A local non-root attacker could exploit the MODPROBE_OPTIONS environment variable to read arbitrary root files. Fixed in 2.4.5-5ubuntu1.4, 2.4.5-5.1ubuntu2.3+esm2, 2.4.7-1+2ubuntu1.16.04.3, 2.4.7-2+2ubuntu1.3, 2.4.7-2+4.1ubuntu5.1, 2.4.7-2+4.1ubuntu6. Was ZDI-CAN-11504. | |||||
CVE-2020-12669 | 1 Dolibarr | 1 Dolibarr | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter. | |||||
CVE-2015-9545 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2024-02-28 | 5.8 MEDIUM | 7.1 HIGH |
An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages. | |||||
CVE-2018-21141 | 1 Netgear | 18 R6100, R6100 Firmware, R7500 and 15 more | 2024-02-28 | 2.7 LOW | 4.5 MEDIUM |
Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. | |||||
CVE-2020-3848 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
CVE-2020-8688 | 1 Intel | 1 Raid Web Console 3 | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
CVE-2020-10967 | 1 Dovecot | 1 Dovecot | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. | |||||
CVE-2018-21078 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018). | |||||
CVE-2018-21259 | 1 Mattermost | 1 Mattermost Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel. | |||||
CVE-2020-9829 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5. Processing a maliciously crafted text message may lead to application denial of service. | |||||
CVE-2020-0536 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
CVE-2020-9497 | 3 Apache, Debian, Fedoraproject | 3 Guacamole, Debian Linux, Fedora | 2024-02-28 | 1.2 LOW | 4.4 MEDIUM |
Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection. |