Total
9738 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4651 | 1 Apache | 1 Jclouds | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. | |||||
| CVE-2019-14082 | 1 Qualcomm | 12 Ipq8074, Ipq8074 Firmware, Mdm9206 and 9 more | 2024-02-28 | 9.4 HIGH | 9.1 CRITICAL |
| Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware in Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9207C, MDM9607, QCN7605, SM8150 | |||||
| CVE-2019-9503 | 2 Broadcom, Redhat | 2 Brcmfmac Driver, Enterprise Linux | 2024-02-28 | 7.9 HIGH | 8.3 HIGH |
| The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. | |||||
| CVE-2012-6125 | 1 Call-cc | 1 Chicken | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Chicken before 4.8.0 is susceptible to algorithmic complexity attacks related to hash table collisions. | |||||
| CVE-2019-19279 | 1 Siemens | 2 Siprotec 4, Siprotec Compact | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIPROTEC 4 and SIPROTEC Compact relays equipped with EN100 Ethernet communication modules (All versions). Specially crafted packets sent to port 50000/UDP of the EN100 Ethernet communication modules could cause a Denial-of-Service of the affected device. A manual reboot is required to recover the service of the device. At the time of advisory publication no public exploitation of this security vulnerability was known to Siemens. | |||||
| CVE-2020-6399 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in AppCache in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2013-0243 | 1 Haskell | 1 Hs-tls | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections | |||||
| CVE-2019-15910 | 1 Asus | 14 As-101, As-101 Firmware, Dl-101 and 11 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. | |||||
| CVE-2019-13524 | 1 Emerson | 18 Rx3i Cpe100, Rx3i Cpe100 Firmware, Rx3i Cpe115 and 15 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode. | |||||
| CVE-2013-3945 | 1 Extensis | 1 Mrsid | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag. | |||||
| CVE-2019-8711 | 1 Apple | 1 Iphone Os | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| A logic issue existed with the display of notification previews. This issue was addressed with improved validation. This issue is fixed in iOS 13. Notification previews may show on Bluetooth accessories even when previews are disabled. | |||||
| CVE-2019-15265 | 1 Cisco | 10 Aironet 1540, Aironet 1540 Firmware, Aironet 1560 and 7 more | 2024-02-28 | 2.1 LOW | 6.5 MEDIUM |
| A vulnerability in the bridge protocol data unit (BPDU) forwarding functionality of Cisco Aironet Access Points (APs) could allow an unauthenticated, adjacent attacker to cause an AP port to go into an error disabled state. The vulnerability occurs because BPDUs received from specific wireless clients are forwarded incorrectly. An attacker could exploit this vulnerability on the wireless network by sending a steady stream of crafted BPDU frames. A successful exploit could allow the attacker to cause a limited denial of service (DoS) attack because an AP port could go offline. | |||||
| CVE-2019-17346 | 2 Debian, Xen | 2 Debian Linux, Xen | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Xen through 4.11.x allowing x86 PV guest OS users to cause a denial of service or gain privileges because of an incompatibility between Process Context Identifiers (PCID) and TLB flushes. | |||||
| CVE-2019-5260 | 1 Huawei | 4 View 20, View 20 Firmware, Y9 2019 and 1 more | 2024-02-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot. | |||||
| CVE-2019-12653 | 1 Cisco | 6 Asr 902, Asr 902u, Asr 903 and 3 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Raw Socket Transport feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper parsing of Raw Socket Transport payloads. An attacker could exploit this vulnerability by establishing a TCP session and then sending a malicious TCP segment via IPv4 to an affected device. This cannot be exploited via IPv6, as the Raw Socket Transport feature does not support IPv6 as a network layer protocol. | |||||
| CVE-2019-11137 | 2 Hpe, Intel | 568 Apollo 4200 Gen10 Server, Apollo 4200 Gen10 Server Firmware, Apollo 4200 Gen9 Server and 565 more | 2024-02-28 | 4.6 MEDIUM | 8.2 HIGH |
| Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-8515 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2019-0070 | 1 Juniper | 3 Junos, Nfx150, Nfx250 | 2024-02-28 | 7.2 HIGH | 8.8 HIGH |
| An Improper Input Validation weakness allows a malicious local attacker to elevate their permissions to take control of other portions of the NFX platform they should not be able to access, and execute commands outside their authorized scope of control. This leads to the attacker being able to take control of the entire system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1 on NFX Series. | |||||
| CVE-2019-8654 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing. | |||||
| CVE-2019-11104 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||