Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5790 | 1 Enghousenetworks | 1 Lighthouse Sms | 2020-12-08 | 5.0 MEDIUM | 7.5 HIGH |
| Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors. | |||||
| CVE-2020-27151 | 1 Katacontainers | 1 Kata Containers | 2020-12-08 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary binaries as root on the worker nodes. | |||||
| CVE-2020-6939 | 1 Tableau | 1 Tableau Server | 2020-12-08 | 10.0 HIGH | 9.8 CRITICAL |
| Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2. | |||||
| CVE-2006-6578 | 1 Microsoft | 1 Internet Information Services | 2020-12-08 | 7.5 HIGH | N/A |
| Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions. | |||||
| CVE-2014-9471 | 2 Canonical, Gnu | 2 Ubuntu Linux, Coreutils | 2020-12-08 | 7.5 HIGH | N/A |
| The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command. | |||||
| CVE-2013-3128 | 1 Microsoft | 9 .net Framework, Windows 7, Windows 8 and 6 more | 2020-12-08 | 9.3 HIGH | N/A |
| The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5, allow remote attackers to execute arbitrary code via a crafted OpenType font (OTF) file, aka "OpenType Font Parsing Vulnerability." | |||||
| CVE-2019-0002 | 1 Juniper | 3 Ex2300, Ex3400, Junos | 2020-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command 'show pfe filter hw summary' will not show the entry for 'RACL group'. Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affects both IPv4 and IPv6 firewall filters. | |||||
| CVE-2018-1327 | 1 Apache | 1 Struts | 2020-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| The Apache Struts REST Plugin uses the XStream library, which is vulnerable and allows a DoS attack via a malicious request with a specially crafted XML payload. Upgrade to Apache Struts version 2.5.16 and switch to an optional Jackson XML handler as described here: http://struts.apache.org/plugins/rest/#custom-contenttypehandlers. Another option is to implement a custom XML handler based on the Jackson XML handler from Apache Struts 2.5.16. | |||||
| CVE-2020-25265 | 1 Appimage | 1 Libappimage | 2020-12-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components. | |||||
| CVE-2017-1000079 | 1 Onosproject | 1 Onos | 2020-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| Linux foundation ONOS 1.9.0 is vulnerable to a DoS. | |||||
| CVE-2017-1000080 | 1 Onosproject | 1 Onos | 2020-12-07 | 5.0 MEDIUM | 7.5 HIGH |
| Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. | |||||
| CVE-2017-4983 | 1 Dell | 1 Emc Data Domain Os | 2020-12-07 | 4.6 MEDIUM | 6.7 MEDIUM |
| EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before 6.0.1.0 is affected by a privilege escalation vulnerability that may potentially be exploited by attackers to compromise the affected system. | |||||
| CVE-2020-28272 | 1 Keyget Project | 1 Keyget | 2020-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28273 | 1 Set-in Project | 1 Set-in | 2020-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-23741 | 1 Amoisoft | 1 Anyview | 2020-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability; attackers can use a constructed program to cause a computer crash (BSOD). | |||||
| CVE-2020-29439 | 1 Tesla | 2 Model X, Model X Firmware | 2020-12-04 | 2.1 LOW | 4.6 MEDIUM |
| Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.) | |||||
| CVE-2015-9551 | 1 Totolink | 16 A850r-v1, A850r-v1 Firmware, F1-v2 and 13 more | 2020-12-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter. | |||||
| CVE-2020-29279 | 1 74cms | 1 74cms | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. | |||||
| CVE-2019-15595 | 1 Ui | 1 Unifi Video Controller | 2020-12-04 | 9.3 HIGH | 8.8 HIGH |
| A privilege escalation exists in UniFi Video Controller =<3.10.6 that would allow an attacker on the local machine to run arbitrary commands. | |||||
| CVE-2020-23738 | 1 Advancedsystemcare | 1 Advanced Systemcare | 2020-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD). | |||||
