Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0694 | 1 Sugarcrm | 1 Sugarcrm | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code. | |||||
CVE-2018-21020 | 1 Centreon | 1 Centreon Web | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In very rare cases, a PHP type juggling vulnerability in centreonAuth.class.php in Centreon Web before 2.8.27 allows attackers to bypass authentication mechanisms in place. | |||||
CVE-2020-8124 | 1 Url-parse Project | 1 Url-parse | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. | |||||
CVE-2020-6191 | 1 Sap | 1 Landscape Management | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | |||||
CVE-2019-0165 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw | |||||
CVE-2019-9394 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116351796 | |||||
CVE-2014-1936 | 2 Debian, Rc Project | 2 Debian Linux, Rc | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
rc before 1.7.1-5 insecurely creates temporary files. | |||||
CVE-2019-11289 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2024-02-28 | 7.8 HIGH | 8.6 HIGH |
Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash. | |||||
CVE-2019-5852 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
CVE-2019-17347 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because a guest can manipulate its virtualised %cr4 in a way that is incompatible with Linux (and possibly other guest kernels). | |||||
CVE-2019-9418 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 6.5 MEDIUM |
In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111450210 | |||||
CVE-2012-3409 | 2 Debian, Ecryptfs | 2 Debian Linux, Ecryptfs-utils | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation | |||||
CVE-2019-16029 | 1 Cisco | 1 Smart Software Manager On-prem | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition. | |||||
CVE-2019-8561 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4. A malicious application may be able to elevate privileges. | |||||
CVE-2019-17507 | 1 Dlink | 2 Dir-816 A1, Dir-816 A1 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on D-Link DIR-816 A1 1.06 devices. An attacker could access management pages of the router via a client that ignores the 'top.location.href = "/dir_login.asp"' line in a .asp file. This provides access to d_status.asp, version.asp, d_dhcptbl.asp, and d_acl.asp. | |||||
CVE-2019-5864 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | |||||
CVE-2020-8614 | 1 Askey | 2 Ap4000w, Ap4000w Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code Execution (RCE) by sending a specially crafted network packer to the bd_svr service listening on TCP port 54188. | |||||
CVE-2020-8517 | 3 Canonical, Opensuse, Squid-cache | 3 Ubuntu Linux, Leap, Squid | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. | |||||
CVE-2010-3359 | 2 Debian, Gargoyle Project | 2 Debian Linux, Gargoyle | 2024-02-28 | 4.4 MEDIUM | 4.8 MEDIUM |
If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account. |