Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11107 | 1 Intel | 1 Active Management Technology Firmware | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2019-19398 | 1 Huawei | 2 M5 Lite 10, M5 Lite 10 Firmware | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may lead to malicious code execution. | |||||
| CVE-2019-11103 | 1 Intel | 1 Converged Security Management Engine Firmware | 2020-01-02 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-14609 | 1 Intel | 38 Cd1iv128mk, Cd1iv128mk Firmware, Cd1m3128mk and 35 more | 2020-01-02 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-0168 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2020-01-02 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0165 | 1 Intel | 1 Converged Security Management Engine Firmware | 2020-01-02 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2019-11087 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2020-01-02 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access. | |||||
| CVE-2019-11101 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2020-01-02 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2019-11104 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2020-01-02 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2012-6111 | 2 Debian, Gnome | 2 Debian Linux, Gnome Keyring | 2020-01-02 | 5.0 MEDIUM | 7.5 HIGH |
| gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function | |||||
| CVE-2019-11088 | 1 Intel | 1 Active Management Technology Firmware | 2019-12-31 | 5.8 MEDIUM | 8.8 HIGH |
| Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2019-8502 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-12-31 | 4.3 MEDIUM | 3.3 LOW |
| An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization. | |||||
| CVE-2019-7292 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-12-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. | |||||
| CVE-2019-8503 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2019-12-31 | 9.3 HIGH | 8.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. | |||||
| CVE-2019-11108 | 1 Intel | 1 Converged Security Management Engine Firmware | 2019-12-31 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient input validation in subsystem for Intel(R) CSME before versions 12.0.45 and 13.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-18995 | 1 Abb | 1 Pb610 Panel Builder 600 | 2019-12-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting. | |||||
| CVE-2014-5289 | 1 Senkas Kolibri Project | 1 Senkas Kolibri | 2019-12-31 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | |||||
| CVE-2019-18994 | 1 Abb | 1 Pb610 Panel Builder 600 | 2019-12-31 | 3.5 LOW | 6.5 MEDIUM |
| Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service. | |||||
| CVE-2019-8549 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-12-30 | 9.3 HIGH | 7.8 HIGH |
| Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2019-8516 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-12-30 | 5.0 MEDIUM | 7.5 HIGH |
| A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. Processing a maliciously crafted string may lead to a denial of service. | |||||