Total
9738 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6638 | 1 Grin | 1 Grin | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Grin through 2.1.1 has Insufficient Validation. | |||||
| CVE-2012-1326 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks | |||||
| CVE-2018-9839 | 1 Mantisbt | 1 Mantisbt | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MantisBT through 1.3.14, and 2.0.0. Using a crafted request on bug_report_page.php (modifying the 'm_id' parameter), any user with REPORTER access or above is able to view any private issue's details (summary, description, steps to reproduce, additional information) when cloning it. By checking the 'Copy issue notes' and 'Copy attachments' checkboxes and completing the clone operation, this data also becomes public (except private notes). | |||||
| CVE-2019-11696 | 1 Mozilla | 1 Firefox | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability affects Firefox < 67. | |||||
| CVE-2018-12196 | 1 Intel | 1 Converged Security Management Engine Firmware | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access. | |||||
| CVE-2019-0928 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-28 | 5.5 MEDIUM | 6.2 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. | |||||
| CVE-2019-11125 | 1 Intel | 13 Compute Card Cd1c64gk, Compute Card Cd1iv128mk, Compute Card Cd1m3128mk and 10 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. | |||||
| CVE-2019-0768 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2019 | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761. | |||||
| CVE-2019-9917 | 3 Canonical, Fedoraproject, Znc | 3 Ubuntu Linux, Fedora, Znc | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. | |||||
| CVE-2019-10672 | 1 Symonics | 1 Libmysofa | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| treeRead in hdf/btree.c in libmysofa before 0.7 does not properly validate multiplications and additions. | |||||
| CVE-2019-1594 | 1 Cisco | 12 Nexus 1000v, Nexus 2000, Nexus 3000 and 9 more | 2024-02-28 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the 802.1X implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incomplete input validation of Extensible Authentication Protocol over LAN (EAPOL) frames. An attacker could exploit this vulnerability by sending a crafted EAPOL frame to an interface on the targeted device. A successful exploit could allow the attacker to cause the Layer 2 (L2) forwarding process to restart multiple times, leading to a system-level restart of the device and a DoS condition. Note: This vulnerability affects only NX-OS devices configured with 802.1X functionality. Cisco Nexus 1000V Switch for VMware vSphere devices are affected in versions prior to 5.2(1)SV3(1.4b). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 7.0(3)I7(4). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.3(5)N1(1) and 7.1(5)N1(1b). Nexus 7000 and 7700 Series Switches are affected in versions prior to 8.2(3). Nexus 9000 Series Fabric Switches in ACI Mode are affected in versions prior to 13.2(1l). Nexus 9000 Series Switches in Standalone NX-OS Mode are affected in versions prior to 7.0(3)I7(4). | |||||
| CVE-2018-13906 | 1 Qualcomm | 104 Ipq4019, Ipq4019 Firmware, Ipq8074 and 101 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| The HMAC authenticating the message from QSEE is vulnerable to timing side channel analysis leading to potentially forged application message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2019-1830 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-02-28 | 6.8 MEDIUM | 4.9 MEDIUM |
| A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administrator credentials. The vulnerability is due to incorrect input validation of the HTTP URL used to establish a connection to the LSC Certificate Authority (CA). An attacker could exploit this vulnerability by authenticating to the targeted device and configuring a LSC certificate. An exploit could allow the attacker to cause a DoS condition due to an unexpected restart of the device. | |||||
| CVE-2019-1072 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists when Azure DevOps Server and Team Foundation Server (TFS) improperly handle user input, aka 'Azure DevOps Server and Team Foundation Server Remote Code Execution Vulnerability'. | |||||
| CVE-2018-20800 | 1 Otrs | 1 Otrs | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Open Ticket Request System (OTRS) 5.0.31 and 6.0.13. Users updating to 6.0.13 (also patchlevel updates) or 5.0.31 (only major updates) will experience data loss in their agent preferences table. | |||||
| CVE-2018-4429 | 1 Apple | 2 Iphone Os, Watchos | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1.1, watchOS 5.1.2. | |||||
| CVE-2019-1823 | 1 Cisco | 3 Evolved Programmable Network Manager, Network Level Service, Prime Infrastructure | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system. | |||||
| CVE-2017-8341 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Open-Xchange GmbH OX App Suite 7.8.3 and earlier is affected by: Content Spoofing. | |||||
| CVE-2016-10805 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| cPanel before 57.9999.54 allows demo accounts to execute arbitrary code via ajax_maketext_syntax_util.pl (SEC-109). | |||||
| CVE-2018-4346 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue existed which allowed local file access. This was addressed with input sanitization. This issue affected versions prior to macOS Mojave 10.14. | |||||