Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7708 | 1 Irrelon | 2 \@irrelon\/path, Irrelon-path | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions. | |||||
| CVE-2020-11195 | 1 Qualcomm | 786 Apq8009, Apq8009 Firmware, Apq8016 and 783 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2020-7673 | 1 Node-extend Project | 1 Node-extend | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution. | |||||
| CVE-2020-3704 | 1 Qualcomm | 92 Agatti, Agatti Firmware, Apq8009 and 89 more | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device may lead peripheral system enter into dead lock state.(This CVE is equivalent to InvalidConnectionRequest(CVE-2019-19193) mentioned in sweyntooth paper)' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, AR9344, Bitra, IPQ5018, Kamorta, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA9377, QCA9886, QCM6125, QCN7605, QCS404, QCS405, QCS605, QCS610, QRB5165, Rennell, SA415M, SA515M, Saipan, SC7180, SC8180X, SDA845, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-10806 | 1 Vega Project | 1 Vega | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype. | |||||
| CVE-2020-5912 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-07-21 | 3.6 LOW | 7.1 HIGH |
| In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the restjavad process's dump command does not follow current best coding practices and may overwrite arbitrary files. | |||||
| CVE-2019-9590 | 1 Tengcon | 2 T-920 Plc, T-920 Plc Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on TENGCONTROL T-920 PLC v5.5 devices. It allows remote attackers to cause a denial of service (persistent failure mode) by sending a series of \x19\xb2\x00\x00\x00\x06\x43\x01\x00\xac\xff\x00 (aka UID 0x43) requests to TCP port 502. | |||||
| CVE-2020-1181 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'. | |||||
| CVE-2019-17234 | 1 Getigniteup | 1 Igniteup | 2021-07-21 | 6.4 MEDIUM | 7.5 HIGH |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion. | |||||
| CVE-2020-16138 | 1 Cisco | 2 Unified Ip Conference Station 7937g, Unified Ip Conference Station 7937g Firmware | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information. | |||||
| CVE-2020-6403 | 3 Apple, Google, Opensuse | 3 Iphone Os, Chrome, Backports Sle | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Incorrect implementation in Omnibox in Google Chrome on iOS prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2019-9082 | 3 Opensourcebms, Thinkphp, Zzzcms | 3 Open Source Background Management System, Thinkphp, Zzzphp | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | |||||
| CVE-2019-4560 | 1 Ibm | 1 Mq Appliance | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulnerable to a denial of service attack caused by channels processing poorly formatted messages. IBM X-Force ID: 166357. | |||||
| CVE-2020-16139 | 1 Cisco | 2 Unified Ip Conference Station 7937g, Unified Ip Conference Station 7937g Firmware | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers restart the device remotely through sending specially crafted packets. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE’s reference information. | |||||
| CVE-2019-9628 | 3 Canonical, Opensuse, Xmltooling Project | 3 Ubuntu Linux, Leap, Xmltooling | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The XMLTooling library all versions prior to V3.0.4, provided with the OpenSAML and Shibboleth Service Provider software, contains an XML parsing class. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. | |||||
| CVE-2019-8756 | 1 Apple | 5 Icloud, Itunes, Mac Os X and 2 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. | |||||
| CVE-2019-10742 | 1 Axios | 1 Axios | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded. | |||||
| CVE-2020-16269 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. | |||||
| CVE-2019-18608 | 1 Cezerin | 1 Cezerin | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cezerin v0.33.0 allows unauthorized order-information modification because certain internal attributes can be overwritten via a conflicting name when processing order requests. Hence, a malicious customer can manipulate an order (e.g., its payment status or shipping fee) by adding additional attributes to user-input during the PUT /ajax/cart operation for a checkout, because of getValidDocumentForUpdate in api/server/services/orders/orders.js. | |||||
| CVE-2019-20546 | 2 Broadcom, Google | 11 Bcm43162, Bcm43224, Bcm4323 and 8 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019). | |||||
| CVE-2020-16007 | 3 Debian, Google, Opensuse | 4 Debian Linux, Chrome, Backports Sle and 1 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | |||||
| CVE-2019-0200 | 1 Apache | 1 Qpid Broker-j | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Users of Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 utilizing AMQP protocols 0-8, 0-9, 0-91, 0-10 must upgrade to Qpid Broker-J versions 7.0.7 or 7.1.1 or later. | |||||
| CVE-2019-17562 | 1 Apache | 1 Cloudstack | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond. | |||||
| CVE-2019-18370 | 1 Mi | 2 Millet Router 3g, Millet Router 3g Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Xiaomi Mi WiFi R3G devices before 2.28.23-stable. The backup file is in tar.gz format. After uploading, the application uses the tar zxf command to decompress, so one can control the contents of the files in the decompressed directory. In addition, the application's sh script for testing upload and download speeds reads a URL list from /tmp/speedtest_urls.xml, and there is a command injection vulnerability, as demonstrated by api/xqnetdetect/netspeed. | |||||
| CVE-2020-16279 | 1 Rangee | 1 Rangeeos | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to Remote Code Execution due to untrusted user supplied input being passed to the command line without sanitization. | |||||
| CVE-2020-7706 | 1 Connie-lang Project | 1 Connie-lang | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie. | |||||
| CVE-2020-0611 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 5.1 MEDIUM | 7.5 HIGH |
| A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | |||||
| CVE-2020-7674 | 1 Access-policy Project | 1 Access-policy | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `template` function is executed by the `eval` function resulting in code execution. | |||||
| CVE-2019-20570 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), and N(7.1) software. Attackers can bypass Factory Reset Protection (FRP) via Smart Switch. The Samsung ID is SVE-2019-15138 (September 2019). | |||||
| CVE-2019-8749 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Catalina 10.15, iOS 13, iCloud for Windows 7.14, iCloud for Windows 10.7, tvOS 13, macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, watchOS 6, iTunes 12.10.1 for Windows. Multiple issues in libxml2. | |||||
| CVE-2020-11693 | 1 Jetbrains | 1 Youtrack | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. | |||||
| CVE-2019-4568 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Mq and 4 more | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. | |||||
| CVE-2019-4394 | 1 Ibm | 1 Cloud Orchestrator | 2021-07-21 | 2.1 LOW | 2.3 LOW |
| IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0.9 contain APIs that could be used by a local user to send email. IBM X-Force ID: 162232. | |||||
| CVE-2019-20569 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 6.2 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019). | |||||
| CVE-2019-10495 | 1 Qualcomm | 72 Msm8909w, Msm8909w Firmware, Msm8996au and 69 more | 2021-07-21 | 4.6 MEDIUM | 7.3 HIGH |
| Arbitrary buffer write issue while processing sequence header during HEVC or AVC encoding. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2020-1241 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| A security feature bypass vulnerability exists when Windows Kernel fails to properly sanitize certain parameters.To exploit the vulnerability, a locally-authenticated attacker could attempt to run a specially crafted application on a targeted system.The update addresses the vulnerability by correcting how Windows Kernel handles parameter sanitization., aka 'Windows Kernel Security Feature Bypass Vulnerability'. | |||||
| CVE-2020-3794 | 1 Adobe | 1 Coldfusion | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file inclusion vulnerability. Successful exploitation could lead to arbitrary code execution of files located in the webroot or its subdirectory. | |||||
| CVE-2020-15865 | 1 Stimulsoft | 1 Reports | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file. This can be used to fully compromise the server. | |||||
| CVE-2020-5891 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 6 more | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile. | |||||
| CVE-2019-8531 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A validation issue existed in Trust Anchor Management. This issue was addressed with improved validation. This issue is fixed in watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An untrusted radius server certificate may be trusted. | |||||
| CVE-2019-20717 | 1 Netgear | 46 D3600, D3600 Firmware, D6000 and 43 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by denial of service. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, EX2700 before 1.0.1.52, EX6200v2 before 1.0.1.74, EX8000 before 1.0.1.180, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, SRK60 before 2.2.1.210, SRR60 before 2.2.1.210, SRS60 before 2.2.1.210, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, and WNDR4500v3 before 1.0.0.58. | |||||
| CVE-2020-12784 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). | |||||
| CVE-2019-5864 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. | |||||
| CVE-2019-16722 | 1 Zzzcms | 1 Zzzphp | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | |||||
| CVE-2019-5776 | 4 Debian, Fedoraproject, Google and 1 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. | |||||
| CVE-2019-3464 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands. | |||||
| CVE-2019-9717 | 1 Libav | 1 Libav | 2021-07-21 | 7.1 HIGH | 6.5 MEDIUM |
| In Libav 12.3, a denial of service in the subtitle decoder allows attackers to hog the CPU via a crafted video file in Matroska format, because srt_to_ass in libavcodec/srtdec.c has a complex format argument to sscanf. | |||||
| CVE-2019-0064 | 1 Juniper | 4 Junos, Srx5400, Srx5600 and 1 more | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session. The process restarts automatically. However, receipt of a constant stream of these TCP packets may result in an extended Denial of Service (DoS) condition on the device. This issue affects Juniper Networks Junos OS: 18.2R3 on SRX 5000 Series; 18.4R2 on SRX 5000 Series; 19.2R1 on SRX 5000 Series. | |||||
| CVE-2019-5865 | 1 Google | 1 Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | |||||
| CVE-2020-8329 | 1 Lenovo | 6 Lj4010dn, Lj4010dn Firmware, Lj6700dn and 3 more | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted. | |||||