Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-9415 | 1 Angrycreative | 1 Bj Lazy Load | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The bj-lazy-load plugin before 1.0 for WordPress has Remote File Inclusion. | |||||
CVE-2020-4212 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023. | |||||
CVE-2019-11103 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2019-9402 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In Bluetooth, there is possible controlled termination due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115372550 | |||||
CVE-2011-0220 | 1 Apple | 1 Bonjour | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet. | |||||
CVE-2014-0048 | 2 Apache, Docker | 2 Geode, Docker | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. | |||||
CVE-2018-12207 | 8 Canonical, Debian, F5 and 5 more | 1533 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 1530 more | 2024-02-28 | 4.9 MEDIUM | 6.5 MEDIUM |
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | |||||
CVE-2015-2689 | 1 Torproject | 1 Tor | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | |||||
CVE-2019-9433 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 | |||||
CVE-2019-5230 | 1 Huawei | 6 Mate Rs, Mate Rs Firmware, P20 and 3 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform a properly validation of certain input models, an attacker could trick the user to install a malicious application then craft a malformed model, successful exploit could allow the attacker to get and tamper certain output data information. | |||||
CVE-2012-4438 | 1 Jenkins | 1 Jenkins | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code. | |||||
CVE-2019-13675 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page. | |||||
CVE-2019-8723 | 1 Apple | 1 Xcode | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege. | |||||
CVE-2014-2271 | 2 Huawei, Wps | 3 P2-6011, P2-6011 Firmware, Wps Office | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic. | |||||
CVE-2019-1397 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 7.7 HIGH | 8.4 HIGH |
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398. | |||||
CVE-2016-6589 | 1 Symantec | 1 It Management Suite | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0. | |||||
CVE-2013-0178 | 1 Redislabs | 1 Redis | 2024-02-28 | 3.6 LOW | 5.5 MEDIUM |
Insecure temporary file vulnerability in Redis before 2.6 related to /tmp/redis-%p.vm. | |||||
CVE-2019-9352 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124253062 | |||||
CVE-2019-5856 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Insufficient policy enforcement in storage in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
CVE-2020-3170 | 1 Cisco | 16 Mds 9132t, Mds 9148s, Mds 9148t and 13 more | 2024-02-28 | 4.3 MEDIUM | 5.3 MEDIUM |
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. |