Search
Total
2199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1000873 | 3 Fasterxml, Netapp, Oracle | 6 Jackson-modules-java8, Active Iq Unified Manager, Clusterware and 3 more | 2021-01-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8. | |||||
| CVE-2021-21606 | 1 Jenkins | 1 Jenkins | 2021-01-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier improperly validates the format of a provided fingerprint ID when checking for its existence allowing an attacker to check for the existence of XML files with a short path. | |||||
| CVE-2021-1053 | 3 Linux, Microsoft, Nvidia | 3 Linux Kernel, Windows, Gpu Driver | 2021-01-14 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service. | |||||
| CVE-2021-0322 | 1 Google | 1 Android | 2021-01-13 | 1.9 LOW | 5.0 MEDIUM |
| In onCreate of SlicePermissionActivity.java, there is a possible misleading string displayed due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation.Product: Android; Versions: Android-10, Android-11, Android-9; Android ID: A-159145361. | |||||
| CVE-2020-4667 | 1 Ibm | 1 Engineering Requirements Quality Assistant On-premises | 2021-01-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Engineering Requirements Quality Assistant On-Premises could allow an authenticated user to obtain sensitive information due to improper input validation. IBM X-Force ID: 186282. | |||||
| CVE-2020-26291 | 1 Urijs Project | 1 Urijs | 2021-01-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| URI.js is a javascript URL mutation library (npm package urijs). In URI.js before version 1.19.4, the hostname can be spoofed by using a backslash (`\`) character followed by an at (`@`) character. If the hostname is used in security decisions, the decision may be incorrect. Depending on library usage and attacker intent, impacts may include allow/block list bypasses, SSRF attacks, open redirects, or other undesired behavior. For example the URL `https://expected-example.com\@observed-example.com` will incorrectly return `observed-example.com` if using an affected version. Patched versions correctly return `expected-example.com`. Patched versions match the behavior of other parsers which implement the WHATWG URL specification, including web browsers and Node's built-in URL class. Version 1.19.4 is patched against all known payload variants. Version 1.19.3 has a partial patch but is still vulnerable to a payload variant.] | |||||
| CVE-2020-6567 | 4 Fedoraproject, Google, Microsoft and 1 more | 5 Fedora, Chrome, Windows and 2 more | 2021-01-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2020-9137 | 1 Huawei | 8 Cloudengine 12800, Cloudengine 12800 Firmware, Cloudengine 5800 and 5 more | 2020-12-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation. | |||||
| CVE-2020-27727 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-12-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem. | |||||
| CVE-2020-15292 | 1 Bitdefender | 1 Hypervisor Introspection | 2020-12-22 | 2.1 LOW | 5.5 MEDIUM |
| Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations. | |||||
| CVE-2020-15293 | 1 Bitdefender | 1 Hypervisor Introspection | 2020-12-22 | 2.1 LOW | 5.5 MEDIUM |
| Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. | |||||
| CVE-2020-12521 | 1 Phoenixcontact | 7 Axc F 1152, Axc F 2152, Axc F 2152 Starterkit and 4 more | 2020-12-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack. An attacker can cause failure of system services or a complete reboot. | |||||
| CVE-2020-6868 | 1 Zte | 2 F680, F680 Firmware | 2020-12-04 | 3.3 LOW | 6.5 MEDIUM |
| There is an input validation vulnerability in a PON terminal product of ZTE, which supports the creation of WAN connections through WEB management pages. The front-end limits the length of the WAN connection name that is created, but the HTTP proxy is available to be used to bypass the limitation. An attacker can exploit the vulnerability to tamper with the parameter value. This affects: ZTE F680 V9.0.10P1N6 | |||||
| CVE-2017-2576 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums. | |||||
| CVE-2020-12323 | 1 Intel | 1 Adas Ie | 2020-11-30 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2018-20804 | 1 Mongodb | 1 Mongodb | 2020-11-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations. This issue affects: MongoDB Inc. MongoDB Server v4.0 versions prior to 4.0.10; v3.6 versions prior to 3.6.13. | |||||
| CVE-2020-8669 | 1 Intel | 1 Data Center Manager | 2020-11-24 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2020-8756 | 1 Intel | 1 Converged Security And Manageability Engine | 2020-11-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12322 | 1 Intel | 22 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 19 more | 2020-11-24 | 3.3 LOW | 6.5 MEDIUM |
| Improper input validation in some Intel(R) Wireless Bluetooth(R) products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2020-12314 | 1 Intel | 12 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3168, Dual Band Wireless-ac 8260 and 9 more | 2020-11-20 | 3.3 LOW | 6.5 MEDIUM |
| Improper input validation in some Intel(R) PROSet/Wireless WiFi products before version 21.110 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2020-0572 | 1 Intel | 7 Server Board S2600st Firmware, Server Board S2600stbr, Server Board S2600stqr and 4 more | 2020-11-20 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12349 | 1 Intel | 1 Data Center Manager | 2020-11-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2020-28349 | 1 Chirpstack | 1 Network Server | 2020-11-19 | 6.8 MEDIUM | 6.5 MEDIUM |
| ** DISPUTED ** An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees that allowing untrusted LoRa gateways to the network should still result in a secure network." | |||||
| CVE-2020-5643 | 1 Cybozu | 1 Garoon | 2020-11-16 | 5.5 MEDIUM | 6.5 MEDIUM |
| Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector. | |||||
| CVE-2016-7536 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| magick/profile.c in ImageMagick allows remote attackers to cause a denial of service (segmentation fault) via a crafted profile. | |||||
| CVE-2015-8744 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-10 | 2.1 LOW | 5.5 MEDIUM |
| QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC emulator support is vulnerable to crash issue. It occurs when a guest sends a Layer-2 packet smaller than 22 bytes. A privileged (CAP_SYS_RAWIO) guest user could use this flaw to crash the QEMU process instance resulting in DoS. | |||||
| CVE-2016-7907 | 1 Qemu | 1 Qemu | 2020-11-10 | 2.1 LOW | 4.4 MEDIUM |
| The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick Emulator) does not properly limit the buffer descriptor count when transmitting packets, which allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via vectors involving a buffer descriptor with a length of 0 and crafted values in bd.flags. | |||||
| CVE-2020-6020 | 1 Checkpoint | 1 Ica Management Portal | 2020-11-10 | 7.4 HIGH | 6.4 MEDIUM |
| Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator. | |||||
| CVE-2018-20662 | 3 Debian, Fedoraproject, Freedesktop | 3 Debian Linux, Fedora, Poppler | 2020-11-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Poppler 0.72.0, PDFDoc::setup in PDFDoc.cc allows attackers to cause a denial-of-service (application crash caused by Object.h SIGABRT, because of a wrong return value from PDFDoc::setup) by crafting a PDF file in which an xref data structure is mishandled during extractPDFSubtype processing. | |||||
| CVE-2018-20650 | 2 Canonical, Freedesktop | 2 Ubuntu Linux, Poppler | 2020-11-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach. | |||||
| CVE-2018-19869 | 2 Opensuse, Qt | 2 Leap, Qt | 2020-11-02 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Qt before 5.11.3. A malformed SVG image causes a segmentation fault in qsvghandler.cpp. | |||||
| CVE-2020-1682 | 1 Juniper | 7 Junos, Nfx150, Nfx250 and 4 more | 2020-10-29 | 2.1 LOW | 5.5 MEDIUM |
| An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, NFX250, and vSRX-based platforms. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D220 on SRX1500, SRX4100, SRX4200, vSRX; 17.4 versions prior to 17.4R3-S3 on SRX1500, SRX4100, SRX4200, vSRX; 18.1 versions prior to 18.1R3-S11 on SRX1500, SRX4100, SRX4200, vSRX, NFX150; 18.2 versions prior to 18.2R3-S5 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.1 versions prior to 19.1R3-S2 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.2 versions prior to 19.2R1-S5, 19.2R3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250. This issue does not affect Junos OS 19.3 or any subsequent version. | |||||
| CVE-2020-6933 | 1 Blackberry | 1 Unified Endpoint Manager | 2020-10-29 | 2.1 LOW | 5.5 MEDIUM |
| An improper input validation vulnerability in the UEM Core of BlackBerry UEM version(s) 12.13.0, 12.12.1a QF2 (and earlier), and 12.11.1 QF3 (and earlier) could allow an attacker to potentially cause a Denial of Service (DoS) of the UEM Core service. | |||||
| CVE-2019-8853 | 1 Apple | 1 Mac Os X | 2020-10-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. An application may be able to read restricted memory. | |||||
| CVE-2019-8736 | 1 Apple | 1 Mac Os X | 2020-10-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| An input validation issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged network position may be able to leak sensitive user information. | |||||
| CVE-2019-8737 | 1 Apple | 1 Mac Os X | 2020-10-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. An attacker in a privileged position may be able to perform a denial of service attack. | |||||
| CVE-2019-8668 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2020-10-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A denial of service issue was addressed with improved validation. This issue is fixed in iOS 12.4, tvOS 12.4, watchOS 5.3. Processing a maliciously crafted image may lead to a denial of service. | |||||
| CVE-2019-8664 | 1 Apple | 2 Iphone Os, Watchos | 2020-10-29 | 4.3 MEDIUM | 6.5 MEDIUM |
| An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, watchOS 5.2.1. Processing a maliciously crafted message may lead to a denial of service. | |||||
| CVE-2020-9105 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2020-10-26 | 4.6 MEDIUM | 6.7 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to access and modify the memory of the device by doing a series of operations. Successful exploit may cause the service abnormal. | |||||
| CVE-2020-4781 | 1 Ibm | 1 Curam Social Program Management | 2020-10-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| An improper input validation before calling java readLine() method may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, which could result in a denial of service. IBM X-Force ID: 189159. | |||||
| CVE-2018-1000205 | 1 Denx | 1 U-boot | 2020-10-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| U-Boot contains a CWE-20: Improper Input Validation vulnerability in Verified boot signature validation that can result in Bypass verified boot. This attack appear to be exploitable via Specially crafted FIT image and special device memory functionality. | |||||
| CVE-2020-6366 | 1 Sap | 1 Netweaver Compare Systems | 2020-10-22 | 5.5 MEDIUM | 6.5 MEDIUM |
| SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents. An attacker with administrative privileges can retrieve arbitrary files including files on OS level from the server and/or can execute a denial-of-service. | |||||
| CVE-2020-14338 | 1 Redhat | 1 Xerces | 2020-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3. | |||||
| CVE-2020-6375 | 1 Sap | 1 3d Visual Enterprise Viewer | 2020-10-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6376 | 1 Sap | 1 3d Visual Enterprise Viewer | 2020-10-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-9122 | 1 Huawei | 14 Hirouter-cd30-10, Hirouter-cd30-10 Firmware, Hirouter-ct31-10 and 11 more | 2020-10-16 | 3.3 LOW | 6.5 MEDIUM |
| Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21. | |||||
| CVE-2019-1923 | 1 Cisco | 20 Spa500ds, Spa500ds Firmware, Spa500s and 17 more | 2020-10-16 | 4.6 MEDIUM | 6.6 MEDIUM |
| A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device's physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior. | |||||
| CVE-2019-1906 | 1 Cisco | 1 Prime Infrastructure | 2020-10-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges. | |||||
| CVE-2019-1978 | 1 Cisco | 3 Firepower Management Center, Firepower Services Software For Asa, Firepower Threat Defense | 2020-10-16 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. | |||||
| CVE-2019-1981 | 1 Cisco | 3 Firepower Management Center, Firepower Services Software For Asa, Firepower Threat Defense | 2020-10-16 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that contains specifically obfuscated payloads through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious payloads to protected systems that would otherwise be blocked. | |||||