Total: 9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-2232 | 1 Google | 1 Android | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140632678 | |||||
CVE-2011-4310 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles. | |||||
CVE-2019-6663 | 1 F5 | 16 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 13 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
The BIG-IP 15.0.0-15.0.1, 14.0.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.1-11.6.5.1, BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1 configuration utility is vulnerable to Anti DNS Pinning (DNS Rebinding) attack. | |||||
CVE-2015-1525 | 1 Google | 1 Android | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. | |||||
CVE-2019-12701 | 1 Cisco | 2 Firepower Management Center, Vdb Fingerprint Database | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
A vulnerability in the file and malware inspection feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass the file and malware inspection policies on an affected system. The vulnerability exists because the affected software insufficiently validates incoming traffic. An attacker could exploit this vulnerability by sending a crafted HTTP request through an affected device. A successful exploit could allow the attacker to bypass the file and malware inspection policies and send malicious traffic through the affected device. | |||||
CVE-2019-16676 | 1 Plataformatec | 1 Simple Form | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Plataformatec Simple Form has Incorrect Access Control in file_method? in lib/simple_form/form_builder.rb, because a user-supplied string is invoked as a method call. | |||||
CVE-2011-4968 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2024-02-28 | 5.8 MEDIUM | 4.8 MEDIUM |
The nginx HTTP proxy module does not verify the peer identity of the HTTPS origin server, which could facilitate a man-in-the-middle (MITM) attack. | |||||
CVE-2014-5091 | 1 Status2k | 1 Status2k | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
A vulnerability exists in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code. | |||||
CVE-2019-11175 | 1 Intel | 85 Baseboard Management Controller Firmware, Bbs2600bpb, Bbs2600bpbr and 82 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
CVE-2019-19396 | 1 Omniosce | 1 Omnios | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences. | |||||
CVE-2014-5092 | 1 Status2k | 1 Status2k | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Status2k allows Remote Command Execution in admin/options/editpl.php. | |||||
CVE-2020-6412 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-02-28 | 5.8 MEDIUM | 5.4 MEDIUM |
Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
CVE-2019-16762 | 1 Simpleledger | 1 Slpjs | 2024-02-28 | 4.9 MEDIUM | 6.1 MEDIUM |
A specially crafted Bitcoin script can cause a discrepancy between the specified SLP consensus rules and the validation result of the slpjs npm package. An attacker could create a specially crafted Bitcoin script in order to cause a hard-fork from the SLP consensus. Affected users can upgrade to any version >= 0.21.4. | |||||
CVE-2019-1471 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-28 | 6.5 MEDIUM | 8.2 HIGH |
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | |||||
CVE-2010-2449 | 1 Gource | 1 Gource | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack. | |||||
CVE-2014-1937 | 1 Gamera Project | 1 Gamera | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Gamera before 3.4.1 insecurely creates temporary files. | |||||
CVE-2019-12157 | 1 Jetbrains | 2 Teamcity, Upsource | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
In JetBrains UpSource versions before 2018.2 build 1293, there is credential disclosure via RPC commands. | |||||
CVE-2013-1811 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
An access control issue in MantisBT before 1.2.13 allows users with "Reporter" permissions to change any issue to "New". | |||||
CVE-2013-7333 | 1 Projectfloodlight | 1 Open Sdn Controller | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in version 0.90 of the Open Floodlight SDN controller software could allow an attacker with access to the OpenFlow control network to selectively disconnect individual switches from the SDN controller, causing degradation and eventually denial of network access to all devices connected to the targeted switch. | |||||
CVE-2012-5582 | 1 Opendnssec | 1 Opendnssec | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
opendnssec misuses libcurl API |