Total: 22706 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6417 | 1 Google | 1 Chrome | 2020-02-17 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in installer in Google Chrome prior to 80.0.3987.87 allowed a local attacker to execute arbitrary code via a crafted registry entry. | |||||
| CVE-2020-6414 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-6413 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2020-02-17 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass HTML validators via a crafted HTML page. | |||||
| CVE-2020-8894 | 1 Misp | 1 Misp | 2020-02-14 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php. | |||||
| CVE-2020-8892 | 1 Misp | 1 Misp | 2020-02-14 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying to block a brute-force series of invalid requests. | |||||
| CVE-2020-2121 | 1 Jenkins | 1 Google Kubernetes Engine | 2020-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
| CVE-2020-8893 | 1 Misp | 1 Misp | 2020-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp. | |||||
| CVE-2020-5824 | 1 Symantec | 1 Endpoint Protection | 2020-02-14 | 2.1 LOW | 5.5 MEDIUM |
| Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable. | |||||
| CVE-2020-8891 | 1 Misp | 1 Misp | 2020-02-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to block a brute-force series of invalid requests. | |||||
| CVE-2019-19193 | 1 Ti | 4 Ble-stack, Cc2540/1, Cc2640r2 and 1 more | 2020-02-14 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Low Energy peripheral implementation on Texas Instruments SIMPLELINK-CC2640R2-SDK through 3.30.00.20 and BLE-STACK through 1.5.0 before Q4 2019 for CC2640R2 and CC2540/1 devices does not properly restrict the advertisement connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | |||||
| CVE-2019-19195 | 1 Microchip | 2 Atmsamb11 Blusdk Smart, Atsamb11 | 2020-02-13 | 6.1 MEDIUM | 6.5 MEDIUM |
| The Bluetooth Low Energy implementation on Microchip Technology BluSDK Smart through 6.2 for ATSAMB11 devices does not properly restrict link-layer data length on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | |||||
| CVE-2020-3925 | 2 Changingtec, Microsoft | 2 Servisign, Windows | 2020-02-12 | 9.3 HIGH | 8.8 HIGH |
| A Remote Code Execution (RCE) vulnerability exists in some designated applications in the ServiSign security plugin; as long as the interface is captured, attackers are able to launch RCE and execute arbitrary commands on the target system via maliciously crafted scripts. | |||||
| CVE-2012-1567 | 1 Linuxmint | 1 Linuxmint | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintUpdate. | |||||
| CVE-2012-1566 | 1 Linuxmint | 1 Linuxmint | 2020-02-12 | 5.0 MEDIUM | 7.5 HIGH |
| LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities in mintNanny. | |||||
| CVE-2020-6409 | 1 Google | 1 Chrome | 2020-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in Omnibox in Google Chrome prior to 80.0.3987.87 allowed a remote attacker who convinced the user to enter a URI to bypass navigation restrictions via a crafted domain name. | |||||
| CVE-2020-6410 | 1 Google | 1 Chrome | 2020-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in navigation in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to confuse the user via a crafted domain name. | |||||
| CVE-2012-2204 | 1 Ibm | 1 Infosphere Guardium | 2020-02-11 | 4.9 MEDIUM | 5.5 MEDIUM |
| InfoSphere Guardium aix_ktap module: DoS | |||||
| CVE-2014-5278 | 1 Docker | 1 Docker | 2020-02-10 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability exists in Docker before 1.2 via container names, which may collide with and override container IDs. | |||||
| CVE-2018-0497 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2020-02-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery (for a CBC based ciphersuite) via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix (with a wrong SHA-384 calculation) for CVE-2013-0169. | |||||
| CVE-2018-0498 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2020-02-10 | 1.9 LOW | 4.7 MEDIUM |
| ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery (for a CBC based ciphersuite) via a cache-based side-channel attack. | |||||
