Search
Total
2199 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4231 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2020-05-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation. IBM X-Force ID: 175335. | |||||
| CVE-2020-1173 | 1 Microsoft | 1 Power Bi Report Server | 2020-05-27 | 3.5 LOW | 6.8 MEDIUM |
| A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'. | |||||
| CVE-2017-6188 | 2 Debian, Munin-monitoring | 2 Debian Linux, Munin | 2020-05-27 | 1.9 LOW | 5.5 MEDIUM |
| Munin before 2.999.6 has a local file write vulnerability when CGI graphs are enabled. Setting multiple upper_limit GET parameters allows overwriting any file accessible to the www-data user. | |||||
| CVE-2020-7137 | 1 Hpe | 2 Superdome Flex Server, Superdome Flex Server Firmware | 2020-05-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue. | |||||
| CVE-2020-12742 | 1 Iubenda | 1 Iubenda-cookie-law-solution | 2020-05-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols. | |||||
| CVE-2016-1115 | 1 Adobe | 1 Coldfusion | 2020-05-14 | 4.3 MEDIUM | 5.9 MEDIUM |
| Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate. | |||||
| CVE-2016-1156 | 3 Apple, Linecorp, Microsoft | 3 Mac Os X, Line, Windows | 2020-05-11 | 3.5 LOW | 5.7 MEDIUM |
| LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline. | |||||
| CVE-2017-8545 | 1 Microsoft | 1 Outlook | 2020-05-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| A spoofing vulnerability exists in when Microsoft Outlook for Mac does not sanitize html properly, aka "Microsoft Outlook for Mac Spoofing Vulnerability". | |||||
| CVE-2020-1732 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Continuous Delivery, Openshift Application Runtimes and 1 more | 2020-05-08 | 4.9 MEDIUM | 4.2 MEDIUM |
| A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request. | |||||
| CVE-2017-18867 | 1 Netgear | 10 D6100, D6100 Firmware, D7800 and 7 more | 2020-05-07 | 4.6 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48. | |||||
| CVE-2018-13796 | 1 Gnu | 1 Mailman | 2020-05-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site. | |||||
| CVE-2019-5303 | 1 Huawei | 94 Alp-al00b, Alp-al00b Firmware, Alp-l09 and 91 more | 2020-05-05 | 2.9 LOW | 5.3 MEDIUM |
| There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 2 out of 2 vulnerabilities. Different than CVE-2020-5302. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3) | |||||
| CVE-2019-5302 | 1 Huawei | 94 Alp-al00b, Alp-al00b Firmware, Alp-l09 and 91 more | 2020-05-05 | 2.9 LOW | 5.3 MEDIUM |
| There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause device abnormal. This is 1 out of 2 vulnerabilities. Different than CVE-2020-5303. Affected products are: ALP-AL00B: earlier than 9.1.0.333(C00E333R2P1T8) ALP-L09: earlier than 9.1.0.300(C432E4R1P9T8) ALP-L29: earlier than 9.1.0.315(C636E5R1P13T8) BLA-L29C: earlier than 9.1.0.321(C636E4R1P14T8), earlier than 9.1.0.330(C432E6R1P12T8), earlier than 9.1.0.302(C635E4R1P13T8) Berkeley-AL20: earlier than 9.1.0.333(C00E333R2P1T8) Berkeley-L09: earlier than 9.1.0.350(C10E3R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8), earlier than 9.1.0.350(C636E4R1P13T8) Charlotte-L09C: earlier than 9.1.0.311(C185E4R1P11T8), earlier than 9.1.0.345(C432E8R1P11T8) Charlotte-L29C: earlier than 9.1.0.325(C185E4R1P11T8), earlier than 9.1.0.335(C636E3R1P13T8), earlier than 9.1.0.345(C432E8R1P11T8), earlier than 9.1.0.336(C605E3R1P12T8) Columbia-AL10B: earlier than 9.1.0.333(C00E333R1P1T8) Columbia-L29D: earlier than 9.1.0.350(C461E3R1P11T8), earlier than 9.1.0.350(C185E3R1P12T8), earlier than 9.1.0.350(C10E5R1P14T8), earlier than 9.1.0.351(C432E5R1P13T8) Cornell-AL00A: earlier than 9.1.0.333(C00E333R1P1T8) Cornell-L29A: earlier than 9.1.0.328(C185E1R1P9T8), earlier than 9.1.0.328(C432E1R1P9T8), earlier than 9.1.0.330(C461E1R1P9T8), earlier than 9.1.0.328(C636E2R1P12T8) Emily-L09C: earlier than 9.1.0.336(C605E4R1P12T8), earlier than 9.1.0.311(C185E2R1P12T8), earlier than 9.1.0.345(C432E10R1P12T8) Emily-L29C: earlier than 9.1.0.311(C605E2R1P12T8), earlier than 9.1.0.311(C636E7R1P13T8), earlier than 9.1.0.311(C432E7R1P11T8) Ever-L29B: earlier than 9.1.0.311(C185E3R3P1), earlier than 9.1.0.310(C636E3R2P1), earlier than 9.1.0.310(C432E3R1P12) HUAWEI Mate 20: earlier than 9.1.0.131(C00E131R3P1) HUAWEI Mate 20 Pro: earlier than 9.1.0.310(C185E10R2P1) HUAWEI Mate 20 RS: earlier than 9.1.0.135(C786E133R3P1) HUAWEI Mate 20 X: earlier than 9.1.0.135(C00E133R2P1) HUAWEI P20: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P20 Pro: earlier than 9.1.0.333(C00E333R1P1T8) HUAWEI P30: earlier than 9.1.0.193 HUAWEI P30 Pro: earlier than 9.1.0.186(C00E180R2P1) HUAWEI Y9 2019: earlier than 9.1.0.220(C605E3R1P1T8) HUAWEI nova lite 3: earlier than 9.1.0.305(C635E8R2P2) Honor 10 Lite: earlier than 9.1.0.283(C605E8R2P2) Honor 8X: earlier than 9.1.0.221(C461E2R1P1T8) Honor View 20: earlier than 9.1.0.238(C432E1R3P1) Jackman-L22: earlier than 9.1.0.247(C636E2R4P1T8) Paris-L21B: earlier than 9.1.0.331(C432E1R1P2T8) Paris-L21MEB: earlier than 9.1.0.331(C185E4R1P3T8) Paris-L29B: earlier than 9.1.0.331(C636E1R1P3T8) Sydney-AL00: earlier than 9.1.0.212(C00E62R1P7T8) Sydney-L21: earlier than 9.1.0.215(C432E1R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8) Sydney-L21BR: earlier than 9.1.0.213(C185E1R1P2T8) Sydney-L22: earlier than 9.1.0.258(C636E1R1P1T8) Sydney-L22BR: earlier than 9.1.0.258(C636E1R1P1T8) SydneyM-AL00: earlier than 9.1.0.228(C00E78R1P7T8) SydneyM-L01: earlier than 9.1.0.215(C782E2R1P1T8), earlier than 9.1.0.213(C185E1R1P1T8), earlier than 9.1.0.270(C432E3R1P1T8) SydneyM-L03: earlier than 9.1.0.217(C605E1R1P1T8) SydneyM-L21: earlier than 9.1.0.221(C461E1R1P1T8), earlier than 9.1.0.215(C432E4R1P1T8) SydneyM-L22: earlier than 9.1.0.259(C185E1R1P2T8), earlier than 9.1.0.220(C635E1R1P2T8), earlier than 9.1.0.216(C569E1R1P1T8) SydneyM-L23: earlier than 9.1.0.226(C605E2R1P1T8) Yale-L21A: earlier than 9.1.0.154(C432E2R3P2), earlier than 9.1.0.154(C461E2R2P1), earlier than 9.1.0.154(C636E2R2P1) Honor 20: earlier than 9.1.0.152(C00E150R5P1) Honor Magic2: earlier than 10.0.0.187 Honor V20: earlier than 9.1.0.234(C00E234R4P3) | |||||
| CVE-2018-1268 | 1 Cloudfoundry | 1 Loggregator | 2020-05-04 | 4.9 MEDIUM | 6.8 MEDIUM |
| Cloud Foundry Loggregator, versions 89.x prior to 89.5 or 96.x prior to 96.1 or 99.x prior to 99.1 or 101.x prior to 101.9 or 102.x prior to 102.2, does not validate app GUID structure in requests. A remote authenticated malicious user knowing the GUID of an app may construct malicious requests to read from or write to the logs of that app. | |||||
| CVE-2020-1880 | 1 Huawei | 2 Lion-al00c, Lion-al00c Firmware | 2020-04-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device abnormal. | |||||
| CVE-2020-5565 | 1 Cybozu | 1 Garoon | 2020-04-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'. | |||||
| CVE-2020-11890 | 1 Joomla | 1 Joomla\! | 2020-04-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration. | |||||
| CVE-2020-11007 | 1 Shopizer | 1 Shopizer | 2020-04-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Shopizer before version 2.11.0, using API or Controller based versions negative quantity is not adequately validated hence creating incorrect shopping cart and order total. This vulnerability makes it possible to create a negative total in the shopping cart. This has been patched in version 2.11.0. | |||||
| CVE-2018-20539 | 1 Liblas | 1 Liblas | 2020-04-25 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a Segmentation fault triggered by illegal address access at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service. | |||||
| CVE-2018-21122 | 1 Netgear | 8 Gs110emx, Gs110emx Firmware, Gs810emx and 5 more | 2020-04-24 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by denial of service. This affects GS110EMX before 1.0.0.9, GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. | |||||
| CVE-2017-18763 | 1 Netgear | 28 Jnr1010, Jnr1010 Firmware, Jr6150 and 25 more | 2020-04-24 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNR1010v2 before 1.1.0.42, JR6150 before 1.0.1.10, JWNR2010v5 before 1.1.0.42, PR2000 before 1.0.0.18, R6050 before 1.0.1.10, R6120 before 1.0.0.30, R6220 before 1.1.0.50, R6700v2 before 1.2.0.4, R6800 before 1.2.0.4, R6900v2 before 1.2.0.4, WNDR3700v5 before 1.1.0.48, WNR1000v4 before 1.1.0.42, WNR2020 before 1.1.0.42, and WNR2050 before 1.1.0.42. | |||||
| CVE-2017-18778 | 1 Netgear | 60 D6220, D6220 Firmware, D6400 and 57 more | 2020-04-24 | 2.1 LOW | 5.5 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6220 before 1.0.0.28, D6400 before 1.0.0.60, D7000 before 1.0.1.52, D7000v2 before 1.0.0.38, D7800 before 1.0.1.24, D8500 before 1.0.3.29, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.14, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6050 before 1.0.1.14, R6220 before 1.1.0.60, R6400 before 1.1.0.26, R6400v2 before 1.0.2.46, R6700v2 before 1.2.0.2, R6800 before 1.2.0.2, R6900v2 before 1.2.0.2, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7500 before 1.0.0.112, R7500v2 before 1.0.3.24, R7800 before 1.0.2.36, R7900P before 1.1.4.6, R8000P before 1.1.4.6, R8300 before 1.0.2.104, R8500 before 1.0.2.104, R9000 before 1.0.2.52, WNDR3700v4 before 1.0.2.94, WNDR3700v5 before 1.1.0.50, WNDR4300v1 before 1.0.2.96, WNDR4300v2 before 1.0.0.52, WNDR4500v3 before 1.0.0.52, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44. | |||||
| CVE-2017-18798 | 1 Netgear | 10 D1500, D1500 Firmware, D500 and 7 more | 2020-04-24 | 2.1 LOW | 6.2 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects R6700v2 before 1.1.0.38, R6800 before 1.1.0.38, D7000 before 1.0.1.50, and D1500 before 1.0.0.25. | |||||
| CVE-2017-18747 | 1 Netgear | 16 Ex3700, Ex3700 Firmware, Ex3800 and 13 more | 2020-04-23 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6000 before 1.0.0.24, EX6130 before 1.0.0.16, EX6400 before 1.0.1.60, EX7000 before 1.0.0.50, EX7300 before 1.0.1.60, and WN2500RPv2 before 1.0.1.46. | |||||
| CVE-2018-21141 | 1 Netgear | 18 R6100, R6100 Firmware, R7500 and 15 more | 2020-04-23 | 2.7 LOW | 4.5 MEDIUM |
| Certain NETGEAR devices are affected by denial of service. This affects R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. | |||||
| CVE-2017-18803 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-23 | 2.1 LOW | 6.2 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.30 are affected by incorrect configuration of security settings. | |||||
| CVE-2018-21140 | 1 Netgear | 4 D3600, D3600 Firmware, D6000 and 1 more | 2020-04-23 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. | |||||
| CVE-2017-18840 | 1 Netgear | 20 M4200, M4200 Firmware, M4300-12x12f and 17 more | 2020-04-22 | 2.1 LOW | 6.2 MEDIUM |
| Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15. | |||||
| CVE-2020-8324 | 1 Lenovo | 1 System Interface Foundation | 2020-04-15 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed. | |||||
| CVE-2020-1986 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2020-04-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows. | |||||
| CVE-2018-21068 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 6.2 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018). | |||||
| CVE-2020-5255 | 1 Sensiolabs | 1 Symfony | 2020-04-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response's content and `Content-Type` header. When the response is cached, this can prevent the use of the website by other users. This has been patched in versions 4.4.7 and 5.0.7. | |||||
| CVE-2018-21092 | 1 Google | 1 Android | 2020-04-09 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018). | |||||
| CVE-2016-11040 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (June 2016). | |||||
| CVE-2017-18667 | 1 Google | 1 Android | 2020-04-08 | 5.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can prevent users from learning that SMS storage space has been exhausted. The Samsung ID is SVE-2017-8702 (June 2017). | |||||
| CVE-2016-11048 | 1 Google | 1 Android | 2020-04-08 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016). | |||||
| CVE-2016-11053 | 1 Google | 1 Android | 2020-04-08 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016). | |||||
| CVE-2016-11032 | 1 Google | 1 Android | 2020-04-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with M(6.0) software. An attacker can disable all Sound functionality by broadcasting an unprotected intent. The Samsung IDs are SVE-2016-7179 and SVE-2016-7182 (November 2016). | |||||
| CVE-2015-8605 | 4 Canonical, Debian, Isc and 1 more | 4 Ubuntu Linux, Debian Linux, Dhcp and 1 more | 2020-04-01 | 5.7 MEDIUM | 6.5 MEDIUM |
| ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. | |||||
| CVE-2020-6425 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2020-03-25 | 5.8 MEDIUM | 5.4 MEDIUM |
| Insufficient policy enforcement in extensions in Google Chrome prior to 80.0.3987.149 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted Chrome Extension. | |||||
| CVE-2018-12123 | 1 Nodejs | 1 Node.js | 2020-03-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Hostname spoofing in URL parser for javascript protocol: If a Node.js application is using url.parse() to determine the URL hostname, that hostname can be spoofed by using a mixed case "javascript:" (e.g. "javAscript:") protocol (other protocols are not affected). If security decisions are made about the URL based on the hostname, they may be incorrect. | |||||
| CVE-2019-11089 | 1 Intel | 1 Graphics Driver | 2020-03-20 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-14591 | 1 Intel | 1 Graphics Driver | 2020-03-20 | 2.1 LOW | 5.5 MEDIUM |
| Improper input validation in the API for Intel(R) Graphics Driver versions before 26.20.100.7209 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2019-5717 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. | |||||
| CVE-2019-5716 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2020-03-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. | |||||
| CVE-2020-10240 | 1 Joomla | 1 Joomla\! | 2020-03-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead to the creation of users with duplicate usernames and/or email addresses. | |||||
| CVE-2020-0526 | 1 Intel | 140 Compute Stick Stck1a32wfc, Compute Stick Stck1a32wfc Firmware, Compute Stick Stck1a8lfc and 137 more | 2020-03-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. The list of affected products is provided in intel-sa-00343: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00343.html | |||||
| CVE-2018-19516 | 1 Kde | 1 Kde Applications | 2020-03-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| messagepartthemes/default/defaultrenderer.cpp in messagelib in KDE Applications before 18.12.0 does not properly restrict the handling of an http-equiv="REFRESH" value. | |||||
| CVE-2020-7253 | 1 Mcafee | 1 Agent | 2020-03-17 | 2.1 LOW | 4.4 MEDIUM |
| Improper access control vulnerability in masvc.exe in McAfee Agent (MA) prior to 5.6.4 allows local users with administrator privileges to disable self-protection via a McAfee supplied command-line utility. | |||||
| CVE-2019-12433 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.7 through 11.11. It has Improper Input Validation. Restricted visibility settings allow creating internal projects in private groups, leading to multiple permission issues. | |||||