Total
28702 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-19194 | 1 Telink-semi | 10 Tlsr8232, Tlsr8232 Ble Sdk, Tlsr8251 and 7 more | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
| The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation on Telink Semiconductor BLE SDK versions before November 2019 for TLSR8x5x through 3.4.0, TLSR823x through 1.3.0, and TLSR826x through 3.3 devices installs a zero long term key (LTK) if an out-of-order link-layer encryption request is received during Secure Connections pairing. An attacker in radio range can have arbitrary read/write access to protected GATT service data, cause a device crash, or possibly control a device's function by establishing an encrypted session with the zero LTK. | |||||
| CVE-2019-11738 | 2 Mozilla, Opensuse | 3 Firefox, Firefox Esr, Leap | 2024-02-28 | 6.8 MEDIUM | 6.3 MEDIUM |
| If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes the empty string as input, execution of any javascript: URIs will be allowed. This could allow for malicious JavaScript content to be run, bypassing CSP permissions. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | |||||
| CVE-2020-0706 | 1 Microsoft | 8 Edge, Internet Explorer, Windows 10 and 5 more | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests, aka 'Microsoft Browser Information Disclosure Vulnerability'. | |||||
| CVE-2019-16722 | 1 Zzzcms | 1 Zzzphp | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | |||||
| CVE-2020-5856 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart. | |||||
| CVE-2020-2659 | 6 Canonical, Debian, Netapp and 3 more | 23 Ubuntu Linux, Debian Linux, Active Iq Unified Manager and 20 more | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2019-16877 | 1 Portainer | 1 Portainer | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Portainer before 1.22.1 has Incorrect Access Control (issue 4 of 4). | |||||
| CVE-2020-1857 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00SPC100; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00SPC100 have an information leakage vulnerability. Due to improper processing of some data, a local authenticated attacker can exploit this vulnerability through a series of operations. Successful exploitation may cause information leakage. | |||||
| CVE-2019-15595 | 1 Ui | 1 Unifi Video Controller | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands. | |||||
| CVE-2019-12523 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost. | |||||
| CVE-2014-5013 | 1 Dompdf Project | 1 Dompdf | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. | |||||
| CVE-2019-8121 | 1 Magento | 1 Magento | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities. | |||||
| CVE-2019-15414 | 1 Asus | 2 Zenfone Ar, Zenfone Ar Firmware | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | |||||
| CVE-2019-8236 | 3 Adobe, Apple, Microsoft | 3 Creative Cloud, Macos, Windows | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user. | |||||
| CVE-2019-16900 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Advantech WebAccess/HMI Designer 2.1.9.31 has a User Mode Write AV starting at MSVCR90!memcpy+0x000000000000015c. | |||||
| CVE-2019-11156 | 1 Intel | 14 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 7265 \(rev D\) and 11 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Logic errors in Intel(R) PROSet/Wireless WiFi Software before version 21.40 may allow an authenticated user to potentially enable escalation of privilege, denial of service, and information disclosure via local access. | |||||
| CVE-2020-5957 | 2 Microsoft, Nvidia | 6 Windows, Geforce Experience, Quadro and 3 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which an attacker with local system access can corrupt a system file, which may lead to denial of service or escalation of privileges. | |||||
| CVE-2019-18251 | 2 Omron, Teamviewer | 2 Cx-supervisor, Teamviewer | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervisor ships with Teamviewer Version 5.0.8703 QS. This version of Teamviewer is vulnerable to an obsolete function vulnerability requiring user interaction to exploit. | |||||
| CVE-2018-20853 | 1 Mailpoet | 1 Mailpoet Newsletters | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the MailPoet Newsletters (aka wysija-newsletters) plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks. | |||||
| CVE-2020-2563 | 1 Oracle | 1 Hyperion Financial Close Management | 2024-02-28 | 2.1 LOW | 4.2 MEDIUM |
| Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N). | |||||