Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3170 | 1 Cisco | 16 Mds 9132t, Mds 9148s, Mds 9148t and 13 more | 2020-03-03 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the Cisco NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. | |||||
| CVE-2020-8132 | 1 Pdf-image Project | 1 Pdf-image | 2020-03-03 | 7.5 HIGH | 9.8 CRITICAL |
| Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. | |||||
| CVE-2020-3839 | 1 Apple | 1 Mac Os X | 2020-03-02 | 2.1 LOW | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.3. An application may be able to read restricted memory. | |||||
| CVE-2017-9090 | 1 Allen Disk Project | 1 Allen Disk | 2020-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| reg.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code'])==1, which makes it possible to bypass the CAPTCHA via an empty $_POST['captcha']. | |||||
| CVE-2017-9091 | 1 Allen Disk Project | 1 Allen Disk | 2020-03-02 | 5.0 MEDIUM | 7.5 HIGH |
| /admin/loginc.php in Allen Disk 1.6 doesn't check if isset($_SESSION['captcha']['code']) == 1, which leads to CAPTCHA bypass by emptying $_POST['captcha']. | |||||
| CVE-2015-2923 | 1 Freebsd | 1 Freebsd | 2020-02-28 | 3.3 LOW | 6.5 MEDIUM |
| The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | |||||
| CVE-2015-4410 | 2 Fedoraproject, Moped Project | 2 Fedora, Moped | 2020-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. | |||||
| CVE-2015-1425 | 1 Jakweb | 1 Gecko Cms | 2020-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities | |||||
| CVE-2014-4651 | 1 Apache | 1 Jclouds | 2020-02-27 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that the jclouds scriptbuilder Statements class wrote a temporary file to a predictable location. An attacker could use this flaw to access sensitive data, cause a denial of service, or perform other attacks. | |||||
| CVE-2018-21033 | 4 Hitachi, Linux, Microsoft and 1 more | 11 Automation Director, Compute Systems Manager, Device Manager and 8 more | 2020-02-27 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Automation Director prior to 8.6.2-00 and Hitachi Infrastructure Analytics Advisor prior to 4.2.0-00 allow authenticated remote users to load an arbitrary Cascading Style Sheets (CSS) token sequence. Hitachi Command Suite includes Hitachi Device Manager, Hitachi Tiered Storage Manager, Hitachi Replication Manager, Hitachi Tuning Manager, Hitachi Global Link Manager and Hitachi Compute Systems Manager. | |||||
| CVE-2010-2246 | 1 Feh Project | 1 Feh | 2020-02-27 | 5.1 MEDIUM | N/A |
| feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||||
| CVE-2019-19192 | 1 St | 2 Bluenrg-2, Wb55 | 2020-02-26 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Low Energy implementation on STMicroelectronics BLE Stack through 1.3.1 for STM32WB5x devices does not properly handle consecutive Attribute Protocol (ATT) requests on reception, allowing attackers in radio range to cause an event deadlock or crash via crafted packets. | |||||
| CVE-2013-1946 | 2 Drupal, Restful Web Services Project | 2 Drupal, Restful Web Services | 2020-02-26 | 4.3 MEDIUM | N/A |
| The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET request with an HTTP Accept header set to a non-HTML type, which can "interfere with Drupal's page cache." | |||||
| CVE-2014-9378 | 1 Ettercap-project | 1 Ettercap | 2020-02-26 | 7.5 HIGH | N/A |
| Ettercap 0.8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c. | |||||
| CVE-2014-4657 | 1 Redhat | 1 Ansible | 2020-02-25 | 7.5 HIGH | 9.8 CRITICAL |
| The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. | |||||
| CVE-2019-20045 | 1 S3india | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2020-02-25 | 7.8 HIGH | 7.5 HIGH |
| The Synergy Systems & Solutions PLC & RTU system has a vulnerability in HUSKY RTU 6049-E70 firmware versions 5.0 and prior. Specially crafted malicious packets could cause disconnection of active authentic connections or reboot of device. This is a different issue than CVE-2019-16879 and CVE-2019-20046. | |||||
| CVE-2018-11574 | 1 Point-to-point Protocol Project | 1 Point-to-point Protocol | 2020-02-24 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the `refuse-app` option are unaffected. | |||||
| CVE-2013-3707 | 1 Novell | 1 Open Enterprise Server | 2020-02-24 | 4.3 MEDIUM | N/A |
| The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_shutdown calls for the close of a TCP connection, which allows remote attackers to cause a denial of service (service crash) by establishing many TCP connections to port 8009. | |||||
| CVE-2020-3160 | 1 Cisco | 1 Meeting Server | 2020-02-24 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) feature of Cisco Meeting Server software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition for users of XMPP conferencing applications. Other applications and processes are unaffected. The vulnerability is due to improper input validation of XMPP packets. An attacker could exploit this vulnerability by sending crafted XMPP packets to an affected device. An exploit could allow the attacker to cause process crashes and a DoS condition for XMPP conferencing applications. | |||||
| CVE-2013-3738 | 1 Zabbix | 1 Zabbix | 2020-02-20 | 7.5 HIGH | 9.8 CRITICAL |
| A File Inclusion vulnerability exists in Zabbix 2.0.6 due to inadequate sanitization of request strings in CGI scripts, which could let a remote malicious user execute arbitrary code. | |||||