Total
28702 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-3828 | 1 Apple | 2 Ipados, Iphone Os | 2024-02-28 | 2.1 LOW | 2.4 LOW |
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. A person with physical access to an iOS device may be able to access contacts from the lock screen. | |||||
CVE-2019-11749 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
A vulnerability exists in WebRTC where malicious web content can use probing techniques on the getUserMedia API using constraints to reveal device properties of cameras on the system without triggering a user prompt or notification. This allows for the potential fingerprinting of users. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. | |||||
CVE-2019-13710 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. | |||||
CVE-2020-0708 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
A remote code execution vulnerability exists when the Windows Imaging Library improperly handles memory.To exploit this vulnerability, an attacker would first have to coerce a victim to open a specially crafted file.The security update addresses the vulnerability by correcting how the Windows Imaging Library handles memory., aka 'Windows Imaging Library Remote Code Execution Vulnerability'. | |||||
CVE-2020-2684 | 1 Oracle | 1 Flexcube Universal Banking | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
CVE-2020-3759 | 1 Adobe | 1 Digital Editions | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure. | |||||
CVE-2019-6239 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS Mojave 10.14.4. A malicious application may bypass Gatekeeper checks. | |||||
CVE-2020-5855 | 2 F5, Microsoft | 3 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client, Windows | 2024-02-28 | 4.6 MEDIUM | 4.3 MEDIUM |
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user. | |||||
CVE-2019-15629 | 1 Trendmicro | 1 Password Manager | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device. | |||||
CVE-2012-5626 | 1 Redhat | 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | |||||
CVE-2019-20403 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The API in Atlassian Jira Server and Data Center before version 8.6.0 allows remote attackers to determine if a Jira project key exists or not via an information disclosure vulnerability. | |||||
CVE-2019-17326 | 1 Clipsoft | 1 Rexpert | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
ClipSoft REXPERT 1.0.0.527 and earlier version allows remote attacker to arbitrary file deletion by issuing a HTTP GET request with a specially crafted parameter. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. | |||||
CVE-2020-2653 | 1 Oracle | 1 Customer Relationship Management Technical Foundation | 2024-02-28 | 5.8 MEDIUM | 8.2 HIGH |
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | |||||
CVE-2019-1372 | 1 Microsoft | 1 Azure App Service On Azure Stack | 2024-02-28 | 10.0 HIGH | 10.0 CRITICAL |
An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'. | |||||
CVE-2020-6413 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. | |||||
CVE-2020-2596 | 1 Oracle | 1 Crm Technical Foundation | 2024-02-28 | 4.3 MEDIUM | 4.7 MEDIUM |
Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N). | |||||
CVE-2019-15719 | 1 Altair | 1 Pbs Professional | 2024-02-28 | 5.2 MEDIUM | 8.0 HIGH |
Altair PBS Professional through 19.1.2 allows Privilege Escalation because an attacker can send a message directly to pbs_mom, which fails to properly authenticate the message. This results in code execution as an arbitrary user. | |||||
CVE-2019-2952 | 1 Oracle | 1 Food And Beverage Applications | 2024-02-28 | 5.8 MEDIUM | 6.1 MEDIUM |
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | |||||
CVE-2020-1692 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course. | |||||
CVE-2019-15362 | 1 Lavamobiles | 2 Iris 88, Iris 88 Firmware | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88_go/iris88_go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. |