Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0728 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2022-01-01 | 4.9 MEDIUM | 5.5 MEDIUM |
| An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | |||||
| CVE-2020-0674 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2022-01-01 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | |||||
| CVE-2020-0668 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-01-01 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0669, CVE-2020-0670, CVE-2020-0671, CVE-2020-0672. | |||||
| CVE-2020-4213 | 1 Ibm | 1 Spectrum Protect | 2022-01-01 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175024. | |||||
| CVE-2020-4212 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2022-01-01 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175023. | |||||
| CVE-2020-4211 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2022-01-01 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022. | |||||
| CVE-2020-4210 | 2 Ibm, Linux | 2 Spectrum Protect, Linux Kernel | 2022-01-01 | 10.0 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175020. | |||||
| CVE-2019-18183 | 2 Fedoraproject, Pacman Project | 2 Fedora, Pacman | 2022-01-01 | 6.8 MEDIUM | 9.8 CRITICAL |
| pacman before 5.2 is vulnerable to arbitrary command injection in lib/libalpm/sync.c in the apply_deltas() function. This can be exploited when unsigned databases are used. To exploit the vulnerability, the user must enable the non-default delta feature and retrieve an attacker-controlled crafted database and delta file. | |||||
| CVE-2020-9355 | 2 Debian, Networkmanager-ssh Project | 2 Debian Linux, Networkmanager-ssh | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. | |||||
| CVE-2020-9039 | 1 Couchbase | 1 Couchbase Server | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access).The /settings REST endpoint exposed by the projector process is an endpoint that administrators can use for various tasks such as updating configuration and collecting performance profiles. The endpoint was unauthenticated and has been updated to only allow authenticated users to access these administrative APIs. | |||||
| CVE-2019-18846 | 1 Open-xchange | 1 Open-xchange Appsuite | 2022-01-01 | 4.0 MEDIUM | 5.0 MEDIUM |
| OX App Suite through 7.10.2 allows SSRF. | |||||
| CVE-2013-3587 | 1 F5 | 14 Arx, Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager and 11 more | 2022-01-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| The HTTPS protocol, as used in unspecified web applications, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which makes it easier for man-in-the-middle attackers to obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack, a different issue than CVE-2012-4929. | |||||
| CVE-2020-8960 | 1 Westerndigital | 1 Mycloud.com | 2022-01-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. | |||||
| CVE-2020-3764 | 2 Adobe, Microsoft | 2 Media Encoder, Windows | 2022-01-01 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9283 | 2 Debian, Golang | 2 Debian Linux, Package Ssh | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. | |||||
| CVE-2020-9308 | 3 Canonical, Fedoraproject, Libarchive | 3 Ubuntu Linux, Fedora, Libarchive | 2022-01-01 | 6.8 MEDIUM | 8.8 HIGH |
| archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. | |||||
| CVE-2019-20479 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2022-01-01 | 5.8 MEDIUM | 6.1 MEDIUM |
| A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning. | |||||
| CVE-2020-3153 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2022-01-01 | 4.9 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the installer component of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated local attacker to copy user-supplied files to system level directories with system level privileges. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. An exploit could allow the attacker to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. To exploit this vulnerability, the attacker needs valid credentials on the Windows system. | |||||
| CVE-2020-4135 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Db2, Linux Kernel and 2 more | 2022-01-01 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. | |||||
| CVE-2019-20477 | 2 Fedoraproject, Pyyaml | 2 Fedora, Pyyaml | 2022-01-01 | 7.5 HIGH | 9.8 CRITICAL |
| PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. | |||||