Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1118 | 1 Google | 1 Chrome | 2020-06-04 | 6.8 MEDIUM | N/A |
| Google Chrome before 9.0.597.107 does not properly handle TEXTAREA elements, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. | |||||
| CVE-2011-1110 | 1 Google | 1 Chrome | 2020-06-04 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly implement key frame rules, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2020-12062 | 1 Openbsd | 1 Openssh | 2020-06-04 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that "this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol" and "utimes does not fail under normal circumstances." | |||||
| CVE-2011-1204 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-06-04 | 6.8 MEDIUM | N/A |
| Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2011-0908 | 1 Vanillaforums | 1 Vanilla | 2020-06-04 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Target parameter to an unspecified component, a different vulnerability than CVE-2011-0526. | |||||
| CVE-2011-1197 | 1 Google | 1 Chrome | 2020-06-03 | 7.5 HIGH | N/A |
| Google Chrome before 10.0.648.127 does not properly perform table painting, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1111 | 1 Google | 1 Chrome | 2020-06-03 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly implement forms controls, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-1109 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-06-03 | 7.5 HIGH | N/A |
| Google Chrome before 9.0.597.107 does not properly process nodes in Cascading Style Sheets (CSS) stylesheets, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2019-15709 | 1 Fortinet | 3 Fortiap-s, Fortiap-u, Fortiap-w2 | 2020-06-03 | 8.5 HIGH | 6.5 MEDIUM |
| An improper input validation in FortiAP-S/W2 6.2.0 to 6.2.2, 6.0.5 and below, FortiAP-U 6.0.1 and below CLI admin console may allow unauthorized administrators to overwrite system files via specially crafted tcpdump commands in the CLI. | |||||
| CVE-2020-3623 | 1 Qualcomm | 4 Sm8250, Sm8250 Firmware, Sxr2130 and 1 more | 2020-06-03 | 7.2 HIGH | 7.8 HIGH |
| kernel failure due to load failures while running v1 path directly via kernel in Snapdragon Mobile in SM8250, SXR2130 | |||||
| CVE-2011-1186 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2020-06-02 | 5.0 MEDIUM | N/A |
| Google Chrome before 10.0.648.127 on Linux does not properly handle parallel execution of calls to the print method, which might allow remote attackers to cause a denial of service (application crash) via crafted JavaScript code. | |||||
| CVE-2013-2014 | 2 Fedoraproject, Openstack | 2 Fedora, Keystone | 2020-06-02 | 5.0 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests. | |||||
| CVE-2016-6384 | 1 Cisco | 2 Ios, Ios Xe | 2020-06-02 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.17 and 16.2 allow remote attackers to cause a denial of service (device reload) via crafted fields in an H.323 message, aka Bug ID CSCux04257. | |||||
| CVE-2018-19654 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2020-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. There is a discrepancy in username checking between a component that does string validation, and a component that is supposed to query a MySQL database. Thus, it is possible to register a new account with a duplicate username, as demonstrated by use of the test%c2 string when a test account already exists. | |||||
| CVE-2018-20225 | 1 Pypa | 1 Pip | 2020-06-01 | 6.8 MEDIUM | 7.8 HIGH |
| ** DISPUTED ** An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely. | |||||
| CVE-2011-1296 | 2 Apple, Google | 4 Iphone Os, Itunes, Safari and 1 more | 2020-05-29 | 7.5 HIGH | N/A |
| Google Chrome before 10.0.648.204 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1294 | 1 Google | 1 Chrome | 2020-05-29 | 7.5 HIGH | N/A |
| Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer." | |||||
| CVE-2011-1295 | 2 Apple, Google | 3 Iphone Os, Safari, Chrome | 2020-05-29 | 7.5 HIGH | N/A |
| WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari before 5.0.6, does not properly handle node parentage, which allows remote attackers to cause a denial of service (DOM tree corruption), conduct cross-site scripting (XSS) attacks, or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2011-1436 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2020-05-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 11.0.696.57 on Linux does not properly interact with the X Window System, which allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2020-13634 | 1 Youhua | 1 Windows Master | 2020-05-29 | 6.1 MEDIUM | 7.8 HIGH |
| In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xF1002558 | |||||