Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14243 | 1 Haproxy | 1 Proxyprotocol | 2019-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with truncated source/destination address data. | |||||
| CVE-2019-19396 | 1 Omniosce | 1 Omnios | 2019-12-16 | 7.8 HIGH | 7.5 HIGH |
| illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences. | |||||
| CVE-2019-15705 | 1 Fortinet | 1 Fortios | 2019-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. | |||||
| CVE-2018-10054 | 2 Cognitect, H2database | 2 Datomic, H2 | 2019-12-13 | 6.5 MEDIUM | 8.8 HIGH |
| H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. | |||||
| CVE-2013-4245 | 2 Debian, Gnome | 2 Debian Linux, Orca | 2019-12-13 | 4.4 MEDIUM | 7.3 HIGH |
| Orca has arbitrary code execution due to insecure Python module load | |||||
| CVE-2019-17555 | 1 Apache | 1 Olingo | 2019-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack. | |||||
| CVE-2013-2103 | 1 Redhat | 1 Openshift | 2019-12-13 | 5.5 MEDIUM | 8.1 HIGH |
| OpenShift cartridge allows remote URL retrieval | |||||
| CVE-2019-1484 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-12-13 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | |||||
| CVE-2019-0604 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2019-12-13 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. | |||||
| CVE-2019-1471 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-12-12 | 6.5 MEDIUM | 8.2 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | |||||
| CVE-2013-1689 | 1 Mozilla | 1 Firefox | 2019-12-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. | |||||
| CVE-2013-3634 | 1 Siemens | 7 Scalance X200-4p Irt, Scalance X200irt Firmware, Scalance X201-3p Irt and 4 more | 2019-12-12 | 7.5 HIGH | N/A |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials. | |||||
| CVE-2019-18247 | 1 Abb | 4 Relion 650, Relion 650 Firmware, Relion 670 and 1 more | 2019-12-11 | 7.8 HIGH | 7.5 HIGH |
| An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service. | |||||
| CVE-2019-19249 | 1 Querytreeapp | 1 Querytree | 2019-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations. | |||||
| CVE-2019-15988 | 1 Cisco | 1 Email Security Appliance Firmware | 2019-12-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. | |||||
| CVE-2019-15276 | 1 Cisco | 1 Wireless Lan Controller Software | 2019-12-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition. | |||||
| CVE-2012-4576 | 2 Debian, Freebsd | 2 Debian Linux, Freebsd | 2019-12-11 | 7.2 HIGH | 7.8 HIGH |
| FreeBSD: Input Validation Flaw allows local users to gain elevated privileges | |||||
| CVE-2013-0342 | 1 Pyrad Project | 1 Pyrad | 2019-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
| The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294. | |||||
| CVE-2019-15288 | 1 Cisco | 3 Roomos, Telepresence Codec, Telepresence Collaboration Endpoint | 2019-12-10 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE), Cisco TelePresence Codec (TC), and Cisco RoomOS Software could allow an authenticated, remote attacker to escalate privileges to an unrestricted user of the restricted shell. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including specific arguments when opening an SSH connection to an affected device. A successful exploit could allow the attacker to gain unrestricted user access to the restricted shell of an affected device. | |||||
| CVE-2019-5268 | 1 Huawei | 44 Cd10-10, Cd10-10 Firmware, Cd16-10 and 41 more | 2019-12-09 | 4.8 MEDIUM | 8.1 HIGH |
| Some Huawei home routers have an input validation vulnerability. Due to input parameter is not correctly verified, an attacker can exploit this vulnerability by sending special constructed packets to obtain files in the device and upload files to some directories. | |||||