Search
Total
9231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9914 | 1 Apple | 3 Ipad Os, Iphone Os, Tvos | 2020-10-20 | 5.0 MEDIUM | 7.5 HIGH |
| An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8. An attacker in a privileged network position may be able to perform denial of service attack using malformed Bluetooth packets. | |||||
| CVE-2020-9870 | 1 Apple | 4 Ipad Os, Iphone Os, Mac Os X and 1 more | 2020-10-20 | 6.5 MEDIUM | 8.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. An attacker with memory write capability may be able to bypass pointer authentication codes and run arbitrary code. | |||||
| CVE-2020-14338 | 1 Redhat | 1 Xerces | 2020-10-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3. | |||||
| CVE-2019-16005 | 1 Cisco | 2 Collaboration Meeting Rooms, Webex Video Mesh | 2020-10-19 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node. | |||||
| CVE-2020-6375 | 1 Sap | 1 3d Visual Enterprise Viewer | 2020-10-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-6376 | 1 Sap | 1 3d Visual Enterprise Viewer | 2020-10-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | |||||
| CVE-2020-7740 | 1 Node-pdf-generator Project | 1 Node-pdf-generator | 2020-10-19 | 6.4 MEDIUM | 8.2 HIGH |
| This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack. | |||||
| CVE-2019-1592 | 1 Cisco | 28 Nexus 9000, Nexus 92160yc-x, Nexus 92300yc and 25 more | 2020-10-16 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the background operations functionality of Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an authenticated, local attacker to gain elevated privileges as root on an affected device. The vulnerability is due to insufficient validation of user-supplied files on an affected device. An attacker could exploit this vulnerability by logging in to the CLI of the affected device and creating a crafted file in a specific directory on the filesystem. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. | |||||
| CVE-2020-9122 | 1 Huawei | 14 Hirouter-cd30-10, Hirouter-cd30-10 Firmware, Hirouter-ct31-10 and 11 more | 2020-10-16 | 3.3 LOW | 6.5 MEDIUM |
| Some Huawei products have an insufficient input verification vulnerability. Attackers can exploit this vulnerability in the LAN to cause service abnormal on affected devices.Affected product versions include:HiRouter-CD30-10 version 10.0.2.5;HiRouter-CT31-10 version 10.0.2.20;WS5200-12 version 10.0.1.9;WS5281-10 version 10.0.5.10;WS5800-10 version 10.0.3.25;WS7100-10 version 10.0.5.21;WS7200-10 version 10.0.5.21. | |||||
| CVE-2019-1923 | 1 Cisco | 20 Spa500ds, Spa500ds Firmware, Spa500s and 17 more | 2020-10-16 | 4.6 MEDIUM | 6.6 MEDIUM |
| A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device's physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior. | |||||
| CVE-2019-1873 | 1 Cisco | 10 Asa 5506-x, Asa 5506-x Firmware, Asa 5506h-x and 7 more | 2020-10-16 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the cryptographic driver for Cisco Adaptive Security Appliance Software (ASA) and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to reboot unexpectedly. The vulnerability is due to incomplete input validation of a Secure Sockets Layer (SSL) or Transport Layer Security (TLS) ingress packet header. An attacker could exploit this vulnerability by sending a crafted TLS/SSL packet to an interface on the targeted device. An exploit could allow the attacker to cause the device to reload, which will result in a denial of service (DoS) condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is required to exploit this vulnerability. | |||||
| CVE-2019-1889 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2020-10-16 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the REST API for software device management in Cisco Application Policy Infrastructure Controller (APIC) Software could allow an authenticated, remote attacker to escalate privileges to root on an affected device. The vulnerability is due to incomplete validation and error checking for the file path when specific software is uploaded. An attacker could exploit this vulnerability by uploading malicious software using the REST API. A successful exploit could allow an attacker to escalate their privilege level to root. The attacker would need to have the administrator role on the device. | |||||
| CVE-2019-1906 | 1 Cisco | 1 Prime Infrastructure | 2020-10-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the Virtual Domain system of Cisco Prime Infrastructure (PI) could allow an authenticated, remote attacker to change the virtual domain configuration, which could lead to privilege escalation. The vulnerability is due to improper validation of API requests. An attacker could exploit this vulnerability by manipulating requests sent to an affected PI server. A successful exploit could allow the attacker to change the virtual domain configuration and possibly elevate privileges. | |||||
| CVE-2019-1978 | 1 Cisco | 3 Firepower Management Center, Firepower Services Software For Asa, Firepower Threat Defense | 2020-10-16 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the stream reassembly component of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to improper reassembly of traffic streams. An attacker could exploit this vulnerability by sending crafted streams through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious requests to protected systems that would otherwise be blocked. | |||||
| CVE-2019-1981 | 1 Cisco | 3 Firepower Management Center, Firepower Services Software For Asa, Firepower Threat Defense | 2020-10-16 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to insufficient normalization of a text-based payload. An attacker could exploit this vulnerability by sending traffic that contains specifically obfuscated payloads through an affected device. An exploit could allow the attacker to bypass filtering and deliver malicious payloads to protected systems that would otherwise be blocked. | |||||
| CVE-2019-1969 | 1 Cisco | 65 Nexus 3016, Nexus 3048, Nexus 3064 and 62 more | 2020-10-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name. | |||||
| CVE-2017-9144 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c. | |||||
| CVE-2017-9141 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c. | |||||
| CVE-2017-9142 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c. | |||||
| CVE-2017-15121 | 1 Redhat | 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2020-10-15 | 4.9 MEDIUM | 5.5 MEDIUM |
| A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary. | |||||
| CVE-2018-1000026 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2020-10-15 | 6.8 MEDIUM | 7.7 HIGH |
| Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.. | |||||
| CVE-2017-18367 | 1 Libseccomp-golang Project | 1 Libseccomp-golang | 2020-10-14 | 5.0 MEDIUM | 7.5 HIGH |
| libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by specifying a single matching argument. | |||||
| CVE-2017-13145 | 3 Canonical, Debian, Imagemagick | 3 Ubuntu Linux, Debian Linux, Imagemagick | 2020-10-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image function in coders/jp2.c does not properly validate the channel geometry, leading to a crash. | |||||
| CVE-2020-5985 | 1 Nvidia | 1 Virtual Gpu Manager | 2020-10-14 | 3.6 LOW | 7.1 HIGH |
| NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | |||||
| CVE-2020-24807 | 1 Socket.io-file Project | 1 Socket.io-file | 2020-10-14 | 6.8 MEDIUM | 7.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-10967 | 1 Dovecot | 1 Dovecot | 2020-10-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. | |||||
| CVE-2019-1587 | 1 Cisco | 28 Nexus 9000, Nexus 92160yc-x, Nexus 92300yc and 25 more | 2020-10-13 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode could allow an authenticated, remote attacker to access sensitive information. The vulnerability occurs because the affected software does not properly validate user-supplied input. An attacker could exploit this vulnerability by issuing certain commands with filtered query results on the device. This action may cause returned messages to display confidential system information. A successful exploit could allow the attacker to read sensitive information on the device. | |||||
| CVE-2019-1805 | 1 Cisco | 1 Wireless Lan Controller Software | 2020-10-13 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability in certain access control mechanisms for the Secure Shell (SSH) server implementation for Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to access a CLI instance on an affected device. The vulnerability is due to a lack of proper input- and validation-checking mechanisms for inbound SSH connections on an affected device. An attacker could exploit this vulnerability by attempting to establish an SSH connection to an affected controller. An exploit could allow the attacker to access an affected device's CLI to potentially cause further attacks. This vulnerability has been fixed in version 8.5(140.0). | |||||
| CVE-2020-5986 | 1 Nvidia | 1 Virtual Gpu Manager | 2020-10-13 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | |||||
| CVE-2019-1743 | 1 Cisco | 1 Ios Xe | 2020-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the web UI framework of Cisco IOS XE Software could allow an authenticated, remote attacker to make unauthorized changes to the filesystem of the affected device. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by crafting a malicious file and uploading it to the device. An exploit could allow the attacker to gain elevated privileges on the affected device. | |||||
| CVE-2020-15731 | 1 Bitdefender | 1 Engines | 2020-10-09 | 4.3 MEDIUM | 3.6 LOW |
| An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448. | |||||
| CVE-2020-26597 | 1 Google | 1 Android | 2020-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software. The Wi-Fi subsystem has incorrect input validation, leading to a crash. The LG ID is LVE-SMP-200022 (October 2020). | |||||
| CVE-2019-15959 | 1 Cisco | 10 Spa500 Series Ip Phones Firmware, Spa500ds, Spa500s and 7 more | 2020-10-08 | 4.6 MEDIUM | 6.6 MEDIUM |
| A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context. | |||||
| CVE-2020-3511 | 1 Cisco | 51 Asr1001-hx, Asr1001-hx-rf, Asr1001-x and 48 more | 2020-10-08 | 6.1 MEDIUM | 7.4 HIGH |
| A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device. | |||||
| CVE-2019-12687 | 1 Cisco | 1 Firepower Management Center | 2020-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device. | |||||
| CVE-2019-12688 | 1 Cisco | 1 Firepower Management Center | 2020-10-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web UI of the Cisco Firepower Management Center (FMC) could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary commands within the affected device. | |||||
| CVE-2020-3516 | 1 Cisco | 1 Ios Xe | 2020-10-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vulnerability by entering unexpected characters during a valid authentication. A successful exploit could allow the attacker to crash the web server on the device, which must be manually recovered by disabling and re-enabling the web server. | |||||
| CVE-2019-1721 | 1 Cisco | 1 Telepresence Video Communication Server | 2020-10-07 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the phone book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to cause the CPU to increase to 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to improper handling of the XML input. An attacker could exploit this vulnerability by sending a Session Initiation Protocol (SIP) message with a crafted XML payload to an affected device. A successful exploit could allow the attacker to exhaust CPU resources, resulting in a DoS condition. Manual intervention may be required to recover the device. This vulnerability is fixed in Cisco Expressway Series and Cisco TelePresence Video Communication Server Releases X12.5.1 and later. | |||||
| CVE-2019-1682 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2020-10-07 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the FUSE filesystem functionality for Cisco Application Policy Infrastructure Controller (APIC) software could allow an authenticated, local attacker to escalate privileges to root on an affected device. The vulnerability is due to insufficient input validation for certain command strings issued on the CLI of the affected device. An attacker with write permissions for files within a readable folder on the device could alter certain definitions in the affected file. A successful exploit could allow an attacker to cause the underlying FUSE driver to execute said crafted commands, elevating the attacker's privileges to root on an affected device. | |||||
| CVE-2019-15289 | 1 Cisco | 7 Roomos, Telepresence Collaboration Endpoint, Webex Board 55 and 4 more | 2020-10-06 | 7.8 HIGH | 7.5 HIGH |
| Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted traffic to the video service of an affected endpoint. A successful exploit could allow the attacker to cause the video service to crash, resulting in a DoS condition on an affected device. | |||||
| CVE-2020-5238 | 1 Github Flavored Markdown Project | 1 Github Flavored Markdown | 2020-10-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1. | |||||
| CVE-2019-1648 | 1 Cisco | 12 Sd-wan, Vbond Orchestrator, Vedge 100 and 9 more | 2020-10-05 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the user group configuration of the Cisco SD-WAN Solution could allow an authenticated, local attacker to gain elevated privileges on an affected device. The vulnerability is due to a failure to properly validate certain parameters included within the group configuration. An attacker could exploit this vulnerability by writing a crafted file to the directory where the user group configuration is located in the underlying operating system. A successful exploit could allow the attacker to gain root-level privileges and take full control of the device. | |||||
| CVE-2019-16017 | 1 Cisco | 1 Unified Customer Voice Portal | 2020-10-05 | 4.0 MEDIUM | 6.8 MEDIUM |
| A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The vulnerability is due to insufficient input validation on specific pages of the OAMP application. An attacker could exploit this vulnerability by authenticating to Cisco Unified CVP and sending crafted HTTP requests. A successful exploit could allow an attacker with administrator or read-only privileges to learn information outside of their expected scope. An attacker with administrator privileges could modify certain configuration details of resources outside of their defined scope, which could result in a denial of service (DoS) condition. | |||||
| CVE-2019-1983 | 1 Cisco | 3 Asyncos, Content Security Management Appliance, Email Security Appliance | 2020-10-01 | 7.8 HIGH | 5.3 MEDIUM |
| A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation. | |||||
| CVE-2019-1947 | 1 Cisco | 2 Asyncos, Email Security Appliance | 2020-10-01 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA. | |||||
| CVE-2019-7178 | 1 Pexip | 1 Pexip Infinity | 2020-09-30 | 9.0 HIGH | 7.2 HIGH |
| Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. | |||||
| CVE-2020-11805 | 1 Pexip | 2 Pexip Infinity, Reverse Proxy And Turn Server | 2020-09-30 | 9.3 HIGH | 9.8 CRITICAL |
| Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. | |||||
| CVE-2020-12824 | 1 Pexip | 1 Pexip Infinity | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. | |||||
| CVE-2020-13387 | 1 Pexip | 1 Pexip Infinity | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. | |||||
| CVE-2020-24615 | 1 Pexip | 1 Pexip Infinity | 2020-09-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. | |||||