Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2651 | 1 Google | 1 Chrome | 2020-08-07 | 9.3 HIGH | N/A |
| The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2010-2650 | 1 Google | 1 Chrome | 2020-08-07 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs." | |||||
| CVE-2010-1770 | 6 Apple, Canonical, Google and 3 more | 12 Mac Os X, Mac Os X Server, Safari and 9 more | 2020-08-07 | 9.3 HIGH | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue." | |||||
| CVE-2020-16636 | 2020-08-07 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2010-0727 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2020-08-07 | 4.9 MEDIUM | N/A |
| The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute permission, which allows local users to cause a denial of service (BUG and system crash) by locking a file on a (1) GFS or (2) GFS2 filesystem, and then changing this file's permissions. | |||||
| CVE-2009-2910 | 6 Canonical, Fedoraproject, Linux and 3 more | 13 Ubuntu Linux, Fedora, Linux Kernel and 10 more | 2020-08-07 | 2.1 LOW | N/A |
| arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 process to 64-bit mode. | |||||
| CVE-2009-2768 | 1 Linux | 1 Linux Kernel | 2020-08-07 | 7.2 HIGH | 7.8 HIGH |
| The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer." | |||||
| CVE-2010-2478 | 3 Canonical, Linux, Suse | 4 Ubuntu Linux, Linux Kernel, Linux Enterprise Desktop and 1 more | 2020-08-07 | 7.2 HIGH | N/A |
| Integer overflow in the ethtool_get_rxnfc function in net/core/ethtool.c in the Linux kernel before 2.6.33.7 on 32-bit platforms allows local users to cause a denial of service or possibly have unspecified other impact via an ETHTOOL_GRXCLSRLALL ethtool command with a large info.rule_cnt value that triggers a buffer overflow, a different vulnerability than CVE-2010-3084. | |||||
| CVE-2011-0711 | 2 Linux, Redhat | 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2020-08-07 | 2.1 LOW | N/A |
| The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel before 2.6.38-rc6-git3 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an FSGEOMETRY_V1 ioctl call. | |||||
| CVE-2020-9036 | 1 Jeedom | 1 Jeedom | 2020-08-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jeedom through 4.0.38 allows XSS. | |||||
| CVE-2010-0205 | 7 Apple, Canonical, Debian and 4 more | 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more | 2020-08-07 | 4.3 MEDIUM | N/A |
| The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. | |||||
| CVE-2020-13921 | 1 Apache | 1 Skywalking | 2020-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. | |||||
| CVE-2020-14019 | 1 Rtslib-fb Project | 1 Rtslib-fb | 2020-08-07 | 4.6 MEDIUM | 7.8 HIGH |
| Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. | |||||
| CVE-2019-18393 | 1 Igniterealtime | 1 Openfire | 2020-08-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| PluginServlet.java in Ignite Realtime Openfire through 4.4.2 does not ensure that retrieved files are located under the Openfire home directory, aka a directory traversal vulnerability. | |||||
| CVE-2019-18394 | 1 Igniterealtime | 1 Openfire | 2020-08-07 | 7.5 HIGH | 9.8 CRITICAL |
| A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. | |||||
| CVE-2010-2110 | 1 Google | 1 Chrome | 2020-08-06 | 7.5 HIGH | N/A |
| Google Chrome before 5.0.375.55 does not properly execute JavaScript code in the extension context, which has unspecified impact and remote attack vectors. | |||||
| CVE-2010-2108 | 1 Google | 1 Chrome | 2020-08-06 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Google Chrome before 5.0.375.55 allows remote attackers to bypass the whitelist-mode plugin blocker via unknown vectors. | |||||
| CVE-2010-2109 | 1 Google | 1 Chrome | 2020-08-06 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality. | |||||
| CVE-2010-2106 | 1 Google | 1 Chrome | 2020-08-06 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Google Chrome before 5.0.375.55 might allow remote attackers to spoof the URL bar via vectors involving unload event handlers. | |||||
| CVE-2010-2107 | 1 Google | 1 Chrome | 2020-08-06 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Google Chrome before 5.0.375.55 allows attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the Safe Browsing functionality. | |||||
| CVE-2010-2105 | 1 Google | 1 Chrome | 2020-08-06 | 10.0 HIGH | N/A |
| Google Chrome before 5.0.375.55 does not properly follow the Safe Browsing specification's requirements for canonicalization of URLs, which has unspecified impact and remote attack vectors. | |||||
| CVE-2014-1497 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2020-08-06 | 6.8 MEDIUM | 8.8 HIGH |
| The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive information from process heap memory, cause a denial of service (out-of-bounds read and application crash), or possibly have unspecified other impact via a crafted WAV file. | |||||
| CVE-2020-5616 | 8 Calendar01 Project, Calendar02 Project, Calendarform01 Project and 5 more | 8 Calendar01, Calendar02, Calendarform01 and 5 more | 2020-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors. | |||||
| CVE-2020-5615 | 2 Calendar01 Project, Calendar02 Project | 2 Calendar01, Calendar02 | 2020-08-06 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2020-16254 | 1 Chartkick Project | 1 Chartkick | 2020-08-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). | |||||
| CVE-2020-5617 | 1 Skygroup | 1 Skysea Client View | 2020-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors. | |||||
| CVE-2020-13819 | 1 Extremenetworks | 1 Extreme Management Center | 2020-08-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | |||||
| CVE-2020-16192 | 1 Limesurvey | 1 Limesurvey | 2020-08-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. | |||||
| CVE-2020-15956 | 1 Acti | 1 Nvr | 2020-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload. | |||||
| CVE-2020-16162 | 1 Ripe | 1 Rpki Validator 3 | 2020-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x through 3.1-2020.07.06.14.28. Missing validation checks on CRL presence or CRL staleness in the X509-based RPKI certificate-tree validation procedure allow remote attackers to bypass intended access restrictions by using revoked certificates. NOTE: there may be counterarguments related to backwards compatibility. | |||||
| CVE-2012-4215 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more | 2020-08-06 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | |||||
| CVE-2019-13750 | 1 Google | 1 Chrome | 2020-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page. | |||||
| CVE-2019-13752 | 1 Google | 1 Chrome | 2020-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-13753 | 1 Google | 1 Chrome | 2020-08-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2019-19926 | 1 Sqlite | 1 Sqlite | 2020-08-06 | 5.0 MEDIUM | 7.5 HIGH |
| multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880. | |||||
| CVE-2010-3881 | 3 Linux, Redhat, Suse | 6 Linux Kernel, Enterprise Linux Server, Enterprise Linux Workstation and 3 more | 2020-08-06 | 2.1 LOW | N/A |
| arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel stack memory via read operations on the /dev/kvm device. | |||||
| CVE-2010-2954 | 4 Canonical, Linux, Opensuse and 1 more | 5 Ubuntu Linux, Linux Kernel, Opensuse and 2 more | 2020-08-06 | 4.9 MEDIUM | N/A |
| The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket. | |||||
| CVE-2010-2900 | 1 Google | 1 Chrome | 2020-08-06 | 10.0 HIGH | N/A |
| Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors. | |||||
| CVE-2020-8192 | 1 Fastify | 1 Fastify | 2020-08-06 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas. | |||||
| CVE-2016-2063 | 1 Linux | 1 Linux Kernel | 2020-08-06 | 4.6 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application that sends a large amount of data through the debugfs interface. | |||||
| CVE-2020-16201 | 1 Deltaww | 1 Cncsoft Screeneditor | 2020-08-06 | 4.3 MEDIUM | 3.3 LOW |
| Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information. | |||||
| CVE-2020-16203 | 1 Deltaww | 1 Cncsoft Screeneditor | 2020-08-06 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. An uninitialized pointer may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
| CVE-2020-16199 | 1 Deltaww | 1 Cncsoft Screeneditor | 2020-08-06 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
| CVE-2016-2066 | 1 Linux | 1 Linux Kernel | 2020-08-06 | 6.8 MEDIUM | 7.8 HIGH |
| Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call. | |||||
| CVE-2014-0203 | 2 Linux, Oracle | 2 Linux Kernel, Linux | 2020-08-06 | 4.9 MEDIUM | 5.5 MEDIUM |
| The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call. | |||||
| CVE-2014-1532 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2020-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the nsHostResolver::ConditionallyRefreshRecord function in libxul.so in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors related to host resolution. | |||||
| CVE-2014-1529 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2020-08-06 | 9.3 HIGH | 8.8 HIGH |
| The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted. | |||||
| CVE-2012-5840 | 5 Canonical, Mozilla, Opensuse and 2 more | 14 Ubuntu Linux, Firefox, Firefox Esr and 11 more | 2020-08-06 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214. | |||||
| CVE-2014-1524 | 7 Canonical, Debian, Fedoraproject and 4 more | 16 Ubuntu Linux, Debian Linux, Fedora and 13 more | 2020-08-06 | 7.5 HIGH | 9.8 CRITICAL |
| The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted JavaScript code that accesses a non-XBL object as if it were an XBL object. | |||||
| CVE-2013-0784 | 3 Canonical, Mozilla, Opensuse | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2020-08-06 | 9.3 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||