Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27130 | 1 Cisco | 1 Security Manager | 2020-11-30 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device. | |||||
| CVE-2020-0599 | 1 Intel | 122 Atom 230, Atom 230 Firmware, Atom 330 and 119 more | 2020-11-30 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper access control in the PMC for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-6157 | 1 Opera | 1 Opera Touch | 2020-11-30 | 4.3 MEDIUM | 4.3 MEDIUM |
| Opera Touch for iOS before version 2.4.5 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data. | |||||
| CVE-2020-25473 | 1 Newsscriptphp | 1 News Script Php Pro | 2020-11-30 | 6.4 MEDIUM | 6.5 MEDIUM |
| SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies. | |||||
| CVE-2018-20802 | 1 Mongodb | 1 Mongodb | 2020-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3. | |||||
| CVE-2019-20923 | 1 Mongodb | 1 Mongodb | 2020-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.7. | |||||
| CVE-2020-12311 | 1 Intel | 30 Optane Ssd 900p, Optane Ssd 900p Firmware, Optane Ssd 905p and 27 more | 2020-11-24 | 2.1 LOW | 4.6 MEDIUM |
| Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2020-3574 | 1 Cisco | 16 Ip Dect 210, Ip Dect 210 Firmware, Ip Dect 6825 and 13 more | 2020-11-24 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition. | |||||
| CVE-2020-12310 | 1 Intel | 30 Optane Ssd 900p, Optane Ssd 900p Firmware, Optane Ssd 905p and 27 more | 2020-11-24 | 2.1 LOW | 4.6 MEDIUM |
| Insufficient control flow managementin firmware in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2020-12308 | 1 Intel | 1 Computing Improvement Program | 2020-11-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access. | |||||
| CVE-2006-6579 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 4.4 MEDIUM | N/A |
| Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. | |||||
| CVE-2006-0026 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 6.5 MEDIUM | N/A |
| Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). | |||||
| CVE-1999-0412 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
| In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension. | |||||
| CVE-1999-0450 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
| In IIS, an attacker could determine a real path using a request for a non-existent URL that would be interpreted by Perl (perl.exe). | |||||
| CVE-2002-0869 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
| Unknown vulnerability in the hosting process (dllhost.exe) for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allows remote attackers to gain privileges by executing an out of process application that acquires LocalSystem privileges, aka "Out of Process Privilege Elevation." | |||||
| CVE-1999-0233 | 1 Microsoft | 1 Internet Information Services | 2020-11-23 | 10.0 HIGH | N/A |
| IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files. | |||||
| CVE-2002-1908 | 1 Microsoft | 1 Internet Information Services | 2020-11-23 | 5.0 MEDIUM | N/A |
| Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters. | |||||
| CVE-2002-0147 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
| Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun." | |||||
| CVE-2003-0223 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message. | |||||
| CVE-2002-0074 | 1 Microsoft | 2 Internet Information Server, Internet Information Services | 2020-11-23 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | |||||