Total: 9736 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-13143 | 1 Shenzhen Dragon Brothers | 2 Fb50, Fb50 Firmware | 2024-02-28 | 9.0 HIGH | 9.8 CRITICAL |
An HTTP parameter pollution issue was discovered on Shenzhen Dragon Brothers Fingerprint Bluetooth Round Padlock FB50 2.3. With the user ID, user name, and the lock's MAC address, anyone can unbind the existing owner of the lock, and bind themselves instead. This leads to complete takeover of the lock. The user ID, name, and MAC address are trivially obtained from APIs found within the Android or iOS application. With only the MAC address of the lock, any attacker can transfer ownership of the lock from the current user to the attacker's account, thus rendering the lock completely inaccessible to the current user. | |||||
CVE-2019-1843 | 1 Cisco | 6 Rv110w, Rv110w Firmware, Rv130w and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to reload the device, causing a DoS condition. | |||||
CVE-2019-5793 | 2 Google, Opensuse | 3 Chrome, Backports, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page. | |||||
CVE-2019-5680 | 1 Nvidia | 2 Jetson Tx1, Jetson Tx1 Firmware | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
In NVIDIA Jetson TX1 L4T R32 version branch prior to R32.2, Tegra bootloader contains a vulnerability in nvtboot in which the nvtboot-cpu image is loaded without the load address first being validated, which may lead to code execution, denial of service, or escalation of privileges. | |||||
CVE-2016-10824 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 9.3 HIGH | 9.8 CRITICAL |
cPanel before 55.9999.141 allows unauthenticated arbitrary code execution via DNS NS entry poisoning (SEC-90). | |||||
CVE-2019-0690 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 5.5 MEDIUM | 6.8 MEDIUM |
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0695, CVE-2019-0701. | |||||
CVE-2019-9085 | 1 Digitaldruid | 1 Hoteldruid | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Hoteldruid before v2.3.1 allows remote authenticated users to cause a denial of service (invoice-creation outage) via the n_file parameter to visualizza_contratto.php with invalid arguments (any non-numeric value), as demonstrated by the anno=2019&id_transazione=1&numero_contratto=1&n_file=a query string to visualizza_contratto.php. | |||||
CVE-2018-19642 | 1 Microfocus | 1 Solutions Business Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Denial of service issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | |||||
CVE-2017-18460 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
cPanel before 62.0.17 allows arbitrary code execution during automatic SSL installation (SEC-221). | |||||
CVE-2017-18388 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
cPanel before 68.0.15 can perform unsafe file operations because Jailshell does not set the umask (SEC-315). | |||||
CVE-2018-4389 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
An inconsistent user interface issue was addressed with improved state management. This issue affected versions prior to macOS Mojave 10.14.1. | |||||
CVE-2019-1740 | 1 Cisco | 2 Ios, Ios Xe | 2024-02-28 | 7.8 HIGH | 8.6 HIGH |
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | |||||
CVE-2019-2051 | 1 Google | 1 Android | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
In heap of spaces.h, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure when processing a proxy auto config file with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117555811 | |||||
CVE-2016-10899 | 1 Fabrix | 1 Total Security | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability. | |||||
CVE-2019-0711 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-02-28 | 5.5 MEDIUM | 6.8 MEDIUM |
A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-0710, CVE-2019-0713. | |||||
CVE-2019-14978 | 1 Woocommerce | 1 Payu India Payment Gateway | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
/payu/icpcheckout/ in the WooCommerce PayU India Payment Gateway plugin 2.1.1 for WordPress allows Parameter Tampering in the purchaseQuantity=1 parameter, as demonstrated by purchasing an item for lower than the intended price. | |||||
CVE-2017-18443 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 5.8 MEDIUM |
cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding (SEC-247). | |||||
CVE-2019-9453 | 2 Canonical, Google | 2 Ubuntu Linux, Android | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation. | |||||
CVE-2019-9851 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary Python commands contained within the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handlers, e.g. mouse over. However, LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6. | |||||
CVE-2018-15730 | 1 Stopzilla | 1 Antimalware | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002067. |