Total: 476 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-10604 | 1 Osisoft | 1 Pi Data Archive | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive. | |||||
CVE-2020-1071 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog, aka 'Windows Remote Access Common Dialog Elevation of Privilege Vulnerability'. | |||||
CVE-2020-2075 | 1 Sick | 60 Clv620, Clv620 Firmware, Clv621 and 57 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Platform mechanism AutoIP allows remote attackers to reboot the device via a crafted packet in SICK AG solutions Bulkscan LMS111, Bulkscan LMS511, CLV62x – CLV65x, ICR890-3, LMS10x, LMS11x, LMS15x, LMS12x, LMS13x, LMS14x, LMS5xx, LMS53x, MSC800, RFH. | |||||
CVE-2020-0512 | 1 Intel | 1 Graphics Drivers | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Uncaught exception in the system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2020-13410 | 1 Aedes Project | 1 Aedes | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream. | |||||
CVE-2017-18670 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. android.intent.action.SIOP_LEVEL_CHANGED allows a serializable intent reboot. The Samsung ID is SVE-2017-8363 (May 2017). | |||||
CVE-2020-24753 | 1 Objective Open Cbor Run-time Project | 1 Objective Open Cbor Run-time | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption. | |||||
CVE-2020-0511 | 1 Intel | 1 Graphics Driver | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access. | |||||
CVE-2020-7693 | 1 Sockjs Project | 1 Sockjs | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Incorrect handling of the Upgrade header with the value websocket leads to crashing of containers hosting sockjs apps. This affects the package sockjs before 0.3.20. | |||||
CVE-2020-2756 | 7 Canonical, Debian, Fedoraproject and 4 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
CVE-2017-18663 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with N(7.x) software. Because of missing Intent exception handling, system_server can have a NullPointerException with a crash of a system process. The Samsung IDs are SVE-2017-9122, SVE-2017-9123, SVE-2017-9124, and SVE-2017-9126 (July 2017). | |||||
CVE-2017-18659 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 (July 2017). | |||||
CVE-2017-18672 | 1 Google | 1 Android | 2024-02-28 | 4.9 MEDIUM | 5.5 MEDIUM |
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framework.jar. The Samsung ID is SVE-2017-8390 (May 2017). | |||||
CVE-2016-11026 | 1 Google | 1 Android | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016). | |||||
CVE-2020-13467 | 1 Cksic | 2 Cks32f103, Cks32f103 Firmware | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling. | |||||
CVE-2019-6842 | 1 Schneider-electric | 8 Modicon 140cra, Modicon 140cra Firmware, Modicon Bmxcra and 5 more | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules (all firmware versions), which could cause a Denial of Service attack on the PLC when upgrading the firmware with a missing web server image inside the package using FTP protocol. | |||||
CVE-2019-0144 | 1 Intel | 13 Ethernet 700 Series Software, Ethernet Controller 710-bm1, Ethernet Controller 710-bm1 Firmware and 10 more | 2024-02-28 | 4.9 MEDIUM | 6.5 MEDIUM |
Unhandled exception in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | |||||
CVE-2009-5043 | 2 Burn Project, Debian | 2 Burn, Debian Linux | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
burn allows file names to escape via mishandled quotation marks. | |||||
CVE-2019-1342 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1315, CVE-2019-1339. | |||||
CVE-2019-12677 | 1 Cisco | 11 Adaptive Security Appliance Software, Asa 5505, Asa 5510 and 8 more | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition that prevents the creation of new SSL/Transport Layer Security (TLS) connections to an affected device. The vulnerability is due to incorrect handling of Base64-encoded strings. An attacker could exploit this vulnerability by opening many SSL VPN sessions to an affected device. The attacker would need to have valid user credentials on the affected device to exploit this vulnerability. A successful exploit could allow the attacker to overwrite a special system memory location, which will eventually result in memory allocation errors for new SSL/TLS sessions to the device, preventing successful establishment of these sessions. A reload of the device is required to recover from this condition. Established SSL/TLS connections to the device and SSL/TLS connections through the device are not affected. Note: Although this vulnerability is in the SSL VPN feature, successful exploitation of this vulnerability would affect all new SSL/TLS sessions to the device, including management sessions. |