Total
9738 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19298 | 1 Siemens | 1 Sinvr\/sivms Video Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0), SiNVR/SiVMS Video Server (All versions >= V5.0.0 < V5.0.2). The streaming service (default port 5410/tcp) of the SiVMS/SiNVR Video Server contains a input validation vulnerability, that could allow an unauthenticated remote attacker to cause a Denial-of-Service condition by sending malformed HTTP requests. | |||||
CVE-2020-6977 | 1 Ge | 32 Invenia Abus Scan Station, Invenia Abus Scan Station Firmware, Logiq E10 and 29 more | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5 | |||||
CVE-2013-3718 | 4 Debian, Gnome, Opensuse and 1 more | 4 Debian Linux, Evince, Opensuse and 1 more | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
evince is missing a check on number of pages which can lead to a segmentation fault | |||||
CVE-2020-9013 | 1 Arvato | 1 Skillpipe | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code. | |||||
CVE-2019-10506 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24 | |||||
CVE-2020-8132 | 1 Pdf-image Project | 1 Pdf-image | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. | |||||
CVE-2014-0091 | 1 Theforeman | 1 Foreman | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Foreman has improper input validation which could lead to partial Denial of Service | |||||
CVE-2020-0606 | 1 Microsoft | 10 .net Core, .net Framework, Windows 10 and 7 more | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605. | |||||
CVE-2013-1816 | 4 Debian, Fedoraproject, Mediawiki and 1 more | 4 Debian Linux, Fedora, Mediawiki and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
MediaWiki before 1.19.4 and 1.20.x before 1.20.3 allows remote attackers to cause a denial of service (application crash) by sending a specially crafted request. | |||||
CVE-2020-3147 | 1 Cisco | 114 Sf300-08, Sf300-08 Firmware, Sf300-24 and 111 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18 | |||||
CVE-2019-15914 | 1 Mi | 10 Dgnwg03lm, Dgnwg03lm Firmware, Mccgq01lm and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Xiaomi DGNWG03LM, ZNCZ03LM, MCCGQ01LM, WSDCGQ01LM, RTCGQ01LM devices. Attackers can use the ZigBee trust center rejoin procedure to perform mutiple denial of service attacks. | |||||
CVE-2015-2784 | 1 Papercrop Project | 1 Papercrop | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input. | |||||
CVE-2010-3439 | 3 Cor-entertainment, Debian, Fedoraproject | 3 Alien-arena, Debian Linux, Fedora | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command. | |||||
CVE-2019-12689 | 1 Cisco | 1 Firepower Management Center | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system of an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending malicious commands to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device. | |||||
CVE-2019-5700 | 2 Google, Nvidia | 2 Android, Shield Experience | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | |||||
CVE-2019-14609 | 1 Intel | 38 Cd1iv128mk, Cd1iv128mk Firmware, Cd1m3128mk and 35 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2019-1230 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-02-28 | 4.0 MEDIUM | 6.8 MEDIUM |
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V Information Disclosure Vulnerability'. | |||||
CVE-2020-6177 | 1 Sap | 1 Mobile Platform | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server. | |||||
CVE-2012-4603 | 2 Citrix, Microsoft | 3 Receiver, Xenapp Online, Windows | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver. | |||||
CVE-2011-0703 | 2 Debian, Gksu-polkit Project | 2 Debian Linux, Gksu-polkit | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session. |