Total: 22706 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-4055 | 1 Ibm | 2 Mq, Mq Appliance | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| IBM MQ 8.0.0.0 through 8.0.0.10, 9.0.0.0 through 9.0.0.5, and 9.1.0.0 through 9.1.1 is vulnerable to a denial of service attack within the TLS key renegotiation function. IBM X-Force ID: 156564. | |||||
| CVE-2019-0204 | 2 Apache, Redhat | 2 Mesos, Fuse | 2022-01-01 | 9.3 HIGH | 7.8 HIGH |
| A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can therefore gain root-level code execution on the host. | |||||
| CVE-2019-3719 | 1 Dell | 1 Supportassist | 2022-01-01 | 7.9 HIGH | 8.0 HIGH |
| Dell SupportAssist Client versions prior to 3.2.0.90 contain a remote code execution vulnerability. An unauthenticated attacker, sharing the network access layer with the vulnerable system, can compromise the vulnerable system by tricking a victim user into downloading and executing arbitrary executables via SupportAssist client from attacker hosted sites. | |||||
| CVE-2019-8989 | 1 Tibco | 2 Data Science For Aws, Spotfire Data Science | 2022-01-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science for AWS: versions up to and including 6.4.0, and TIBCO Spotfire Data Science: versions up to and including 6.4.0. | |||||
| CVE-2019-8986 | 1 Tibco | 1 Jasperreports Server | 2022-01-01 | 4.0 MEDIUM | 7.7 HIGH |
| The SOAP API component of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3. | |||||
| CVE-2019-4034 | 1 Ibm | 1 Content Navigator | 2022-01-01 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Content Navigator 3.0CD could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000. | |||||
| CVE-2019-13713 | 2 Google, Opensuse | 2 Chrome, Backports | 2022-01-01 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-13711 | 2 Google, Opensuse | 2 Chrome, Backports | 2022-01-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2019-4329 | 1 Ibm | 1 Security Guardium Big Data Intelligence | 2022-01-01 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 161209. | |||||
| CVE-2019-8772 | 1 Apple | 1 Mac Os X | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF. | |||||
| CVE-2019-2221 | 1 Google | 1 Android | 2022-01-01 | 4.6 MEDIUM | 7.8 HIGH |
| In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-138583650 | |||||
| CVE-2019-8537 | 1 Apple | 1 Mac Os X | 2022-01-01 | 2.1 LOW | 5.5 MEDIUM |
| An access issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.4. A local user may be able to view a user’s locked notes. | |||||
| CVE-2020-5202 | 3 Apt-cacher-ng Project, Debian, Opensuse | 4 Apt-cacher-ng, Debian Linux, Backports and 1 more | 2022-01-01 | 2.1 LOW | 5.5 MEDIUM |
| apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can. | |||||
| CVE-2020-6750 | 2 Fedoraproject, Gnome | 2 Fedora, Glib | 2022-01-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| GSocketClient in GNOME GLib through 2.62.4 may occasionally connect directly to a target address instead of connecting via a proxy server when configured to do so, because the proxy_addr field is mishandled. This bug is timing-dependent and may occur only sporadically depending on network delays. The greatest security relevance is in use cases where a proxy is used to help with privacy/anonymity, even though there is no technical barrier to a direct connection. NOTE: versions before 2.60 are unaffected. | |||||
| CVE-2020-3933 | 1 Secom | 2 Dr.id Access Control, Dr.id Attendance System | 2022-01-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, allows attackers to enumerate and examine user accounts in the system. | |||||
| CVE-2019-11485 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2022-01-01 | 2.1 LOW | 3.3 LOW |
| Sander Bos discovered Apport's lock file was in a world-writable directory which allowed all users to prevent crash handling. | |||||
| CVE-2020-7209 | 1 Hp | 1 Linuxki | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| LinuxKI v6.0-1 and earlier is vulnerable to remote code execution, which is resolved in release 6.0-2. | |||||
| CVE-2020-0728 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2022-01-01 | 4.9 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | |||||
| CVE-2020-9355 | 2 Debian, Networkmanager-ssh Project | 2 Debian Linux, Networkmanager-ssh | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. | |||||
| CVE-2020-4135 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Db2, Linux Kernel and 2 more | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. | |||||
