Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-9414 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111893041 | |||||
CVE-2014-9013 | 1 Wpmarketplace Project | 1 Wpmarketplace | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user. | |||||
CVE-2012-3543 | 3 Canonical, Debian, Mono-project | 3 Ubuntu Linux, Debian Linux, Mono | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
mono 2.10.x ASP.NET Web Form Hash collision DoS | |||||
CVE-2019-8724 | 1 Apple | 1 Xcode | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. | |||||
CVE-2011-0529 | 2 Debian, Weborf Project | 2 Debian Linux, Weborf | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP. | |||||
CVE-2012-4524 | 2 Fedoraproject, Sillycycle | 2 Fedora, Xlockmore | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
xlockmore before 5.43 'dclock' security bypass vulnerability | |||||
CVE-2013-3738 | 1 Zabbix | 1 Zabbix | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2019-11108 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2019-1470 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 4.0 MEDIUM | 6.0 MEDIUM |
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Information Disclosure Vulnerability'. | |||||
CVE-2019-8721 | 1 Apple | 1 Xcode | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. | |||||
CVE-2019-8670 | 1 Apple | 2 Mac Os X, Safari | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing. | |||||
CVE-2019-19495 | 1 Technicolor | 2 Tc7230 Steb, Tc7230 Steb Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The web interface on the Technicolor TC7230 STEB 01.25 is vulnerable to DNS rebinding, which allows a remote attacker to configure the cable modem via JavaScript in a victim's browser. The attacker can then configure the cable modem to port forward the modem's internal TELNET server, allowing external access to a root shell. | |||||
CVE-2019-9467 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
In the Bootloader, there is a possible kernel command injection due to missing command sanitization. This could lead to a local elevation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-80316910 | |||||
CVE-2019-12688 | 1 Cisco | 1 Firepower Management Center | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device. | |||||
CVE-2020-6416 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient data validation in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-8125 | 1 Klona Project | 1 Klona | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona. | |||||
CVE-2012-6135 | 2 Phusion, Redhat | 2 Passenger, Openshift | 2024-02-28 | 6.4 MEDIUM | 7.5 HIGH |
RubyGems passenger 4.0.0 betas 1 and 2 allows remote attackers to delete arbitrary files during the startup process. | |||||
CVE-2020-3846 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
A buffer overflow was addressed with improved size validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2, iTunes for Windows 12.10.4, iCloud for Windows 11.0, iCloud for Windows 7.17. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. | |||||
CVE-2015-3150 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-02-28 | 7.2 HIGH | 7.1 HIGH |
abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. | |||||
CVE-2014-2304 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could result in a denial of service attack and crashing of the controller service. This effect is the result of a flaw in OpenFlow protocol processing, where specific malformed and mistimed FEATURES_REPLY messages cause the controller service to not delete switch and port data from its internal tracking structures. |