Total
9738 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21036 | 1 Sailsjs | 1 Sails | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request. | |||||
| CVE-2019-20848 | 1 Mattermost | 1 Mattermost Mobile | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies. | |||||
| CVE-2020-10374 | 1 Paessler | 1 Prtg Network Monitor | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form. | |||||
| CVE-2020-0173 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Parse_lins of eas_mdls.c, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127313764 | |||||
| CVE-2020-3370 | 1 Cisco | 1 Email Security Appliance | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted, malicious HTTP request to an affected device. A successful exploit could allow the attacker to redirect users to malicious sites. | |||||
| CVE-2020-24376 | 1 Free | 10 Freebox Delta, Freebox Delta Firmware, Freebox Mini and 7 more | 2024-02-28 | 6.8 MEDIUM | 9.6 CRITICAL |
| A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3. | |||||
| CVE-2020-24359 | 1 Hashicorp | 1 Vault-ssh-helper | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0. | |||||
| CVE-2020-3314 | 1 Cisco | 1 Advanced Malware Protection For Endpoints | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash, resulting in missed detection and logging of the potentially malicious file. Continued attempts to scan the file could result in a DoS condition of the Cisco AMP for Endpoints service. | |||||
| CVE-2018-21092 | 1 Google | 1 Android | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018). | |||||
| CVE-2017-18685 | 1 Google | 1 Android | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. The InputMethod application can cause a system crash via a malformed serializable object in an Intent. The Samsung ID is SVE-2016-7123 (February 2017). | |||||
| CVE-2020-11890 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration. | |||||
| CVE-2020-3357 | 1 Cisco | 8 Rv340 Dual Wan Gigabit Vpn Router, Rv340 Dual Wan Gigabit Vpn Router Firmware, Rv340w Dual Wan Gigabit Wireless-ac Vpn Router and 5 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. The vulnerability exists because HTTP requests are not properly validated. An attacker could exploit this vulnerability by sending a crafted HTTP request over an SSL connection to an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device or cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2019-19415 | 1 Huawei | 100 Ar120-s, Ar120-s Firmware, Ar1200 and 97 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. | |||||
| CVE-2019-0147 | 1 Intel | 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2020-7957 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages. | |||||
| CVE-2019-11088 | 1 Intel | 1 Active Management Technology Firmware | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
| Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2019-1978 | 1 Cisco | 3 Firepower Management Center, Firepower Services Software For Asa, Firepower Threat Defense | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. | |||||
| CVE-2019-7589 | 1 Johnsoncontrols | 1 Entrapass | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and prior; Kantech EntraPass Global Edition versions 8.0 and prior. | |||||
| CVE-2019-9398 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115745406 | |||||
| CVE-2011-3611 | 1 Usebb | 1 Usebb | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12. | |||||