Total: 22706 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-11083 | 1 Cloud Foundry | 1 Bosh | 2020-01-17 | 6.8 MEDIUM | 8.1 HIGH |
| Cloud Foundry BOSH, versions v264 prior to v264.14.0 and v265 prior to v265.7.0 and v266 prior to v266.8.0 and v267 prior to v267.2.0, allows refresh tokens to be used as access tokens when using UAA for authentication. A remote attacker with an admin refresh token given by UAA can use it to access BOSH resources without obtaining an access token, even if their user no longer has access to those resources. | |||||
| CVE-2020-5499 | 1 Apache | 1 Rust Sgx Sdk | 2020-01-15 | 7.5 HIGH | 9.8 CRITICAL |
| Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same. | |||||
| CVE-2014-9908 | 1 Google | 1 Android | 2020-01-13 | 3.3 LOW | 6.5 MEDIUM |
| A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooth access (Android Bug ID A-28672558). | |||||
| CVE-2014-5013 | 1 Dompdf Project | 1 Dompdf | 2020-01-13 | 6.8 MEDIUM | 8.8 HIGH |
| DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. | |||||
| CVE-2014-5012 | 1 Dompdf Project | 1 Dompdf | 2020-01-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| DOMPDF before 0.6.2 allows denial of service. | |||||
| CVE-2012-3807 | 1 Samsung | 1 Kies | 2020-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. | |||||
| CVE-2012-3808 | 1 Samsung | 1 Kies | 2020-01-10 | 5.0 MEDIUM | 7.5 HIGH |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. | |||||
| CVE-2012-3809 | 1 Samsung | 1 Kies | 2020-01-10 | 5.0 MEDIUM | 7.5 HIGH |
| Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification. | |||||
| CVE-2012-3810 | 1 Samsung | 1 Kies | 2020-01-10 | 5.0 MEDIUM | 7.5 HIGH |
| Samsung Kies before 2.5.0.12094_27_11 has registry modification. | |||||
| CVE-2017-7323 | 1 Modx | 1 Modx Revolution | 2020-01-10 | 6.8 MEDIUM | 8.1 HIGH |
| The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier use http://rest.modx.com by default, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code by leveraging the lack of the HTTPS protection mechanism. | |||||
| CVE-2014-7297 | 1 Kriesi | 1 Enfold | 2020-01-09 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors. | |||||
| CVE-2012-3955 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2020-01-08 | 7.1 HIGH | N/A |
| ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote attackers to cause a denial of service (daemon crash) in opportunistic circumstances by establishing an IPv6 lease in an environment where the lease expiration time is later reduced. | |||||
| CVE-2014-0487 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 7.5 HIGH | N/A |
| APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. | |||||
| CVE-2019-11109 | 2 F5, Intel | 56 Big-ip 10000s, Big-ip 10000s Firmware, Big-ip 10050s and 53 more | 2020-01-03 | 4.6 MEDIUM | 4.4 MEDIUM |
| Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2019-10758 | 1 Mongo-express Project | 1 Mongo-express | 2020-01-02 | 9.0 HIGH | 9.9 CRITICAL |
| mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method. The cause is a misuse of the `vm` dependency to perform `exec` commands in a non-safe environment. | |||||
| CVE-2019-7489 | 1 Sonicwall | 1 Email Security Appliance | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in SonicWall Email Security appliance allows an unauthenticated user to perform remote code execution. This vulnerability affected Email Security Appliance version 10.0.2 and earlier. | |||||
| CVE-2019-8849 | 1 Apple | 1 Swiftnio Ssl | 2019-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| The issue was addressed by signaling that an executable stack is not required. This issue is fixed in SwiftNIO SSL 2.4.1. A SwiftNIO application using TLS may be able to execute arbitrary code. | |||||
| CVE-2019-8541 | 1 Apple | 2 Iphone Os, Watchos | 2019-12-30 | 2.1 LOW | 3.3 LOW |
| A privacy issue existed in motion sensor calibration. This issue was addressed with improved motion sensor processing. This issue is fixed in iOS 12.2, watchOS 5.2. A malicious app may be able to track users between installs. | |||||
| CVE-2019-19750 | 1 Minerstat | 1 Msos | 2019-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| minerstat msOS before 2019-10-23 does not have a unique SSH key for each instance of the product. | |||||
| CVE-2016-3452 | 4 Ibm, Mariadb, Oracle and 1 more | 5 Powerkvm, Mariadb, Linux and 2 more | 2019-12-27 | 4.3 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. | |||||
