Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-21075 | 1 Google | 1 Android | 2020-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. The Call+ application can load classes from an unintended path, leading to Code Execution. The Samsung ID is SVE-2017-10886 (April 2018). | |||||
| CVE-2018-21076 | 2 Google, Samsung | 3 Android, Exynos 8890, Exynos 8895 | 2020-04-09 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018). | |||||
| CVE-2018-21056 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x) software. The Smartwatch displays Secure Folder Notification content. The Samsung ID is SVE-2018-12458 (September 2018). | |||||
| CVE-2018-21086 | 1 Google | 1 Android | 2020-04-09 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018). | |||||
| CVE-2018-21055 | 2 Google, Qualcomm | 2 Android, Msm8996 | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018). | |||||
| CVE-2018-21053 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018). | |||||
| CVE-2018-21090 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with software through 2017-11-03 (S.LSI modem chipsets). The Exynos modem chipset has a baseband buffer overflow. The Samsung ID is SVE-2017-10745 (January 2018). | |||||
| CVE-2017-18689 | 2 Google, Samsung | 4 Android, Exynos 5433, Exynos 7420 and 1 more | 2020-04-09 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos5433, Exynos7420, or Exynos7870 chipsets) software. An attacker can bypass a ko (aka Kernel Module) signature by modifying the count of kernel modules. The Samsung ID is SVE-2016-7466 (January 2017). | |||||
| CVE-2018-21052 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is incorrect usage of shared memory in the vaultkeeper Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12855 (October 2018). | |||||
| CVE-2020-6647 | 1 Fortinet | 1 Fortiadc Firmware | 2020-04-09 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter. | |||||
| CVE-2018-21050 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is a Buffer overflow in the esecomm Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12852 (October 2018). | |||||
| CVE-2018-21051 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is an invalid free in the fingerprint Trustlet, leading to arbitrary code execution. The Samsung ID is SVE-2018-12853 (October 2018). | |||||
| CVE-2020-11508 | 1 Wpleadplus | 1 Wp Lead Plus X | 2020-04-09 | 3.5 LOW | 5.4 MEDIUM |
| An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action. | |||||
| CVE-2020-5550 | 1 Plathome | 4 Easyblocks Ipv6, Easyblocks Ipv6 Enterprise, Easyblocks Ipv6 Enterprise Firmware and 1 more | 2020-04-09 | 5.8 MEDIUM | 8.1 HIGH |
| Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earlier, and Enterprise Ver. 2.0.1 and earlier allows remote attackers to impersonate a registered user and log in the management console, that may result in information alteration/disclosure via unspecified vectors. | |||||
| CVE-2018-21066 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018). | |||||
| CVE-2018-21063 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) (Exynos chipsets) software. Keymaster has an architectural problem because tlApi in TEE is not properly protected. The Samsung ID is SVE-2018-11792 (August 2018). | |||||
| CVE-2018-21078 | 1 Google | 1 Android | 2020-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469 (April 2018). | |||||
| CVE-2018-21079 | 1 Google | 1 Android | 2020-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software. There is a kernel pointer leak in the USB gadget driver. The Samsung ID is SVE-2017-10993 (March 2018). | |||||
| CVE-2018-21080 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018). | |||||
| CVE-2018-21077 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018). | |||||
| CVE-2018-21067 | 1 Google | 1 Android | 2020-04-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with M(6.0) software. There is an information disclosure in a Trustlet because an address is logged. The Samsung ID is SVE-2018-11600 (July 2018). | |||||
| CVE-2016-11036 | 1 Google | 1 Android | 2020-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with M(6.0) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-6008 (August 2016). | |||||
| CVE-2017-18646 | 1 Google | 1 Android | 2020-04-09 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ID is SVE-2017-10602 (December 2017). | |||||
| CVE-2018-21064 | 1 Google | 1 Android | 2020-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is an array overflow in a driver's input booster. The Samsung ID is SVE-2017-11816 (August 2018). | |||||
| CVE-2020-7009 | 1 Elastic | 1 Elasticsearch | 2020-04-09 | 6.5 MEDIUM | 8.8 HIGH |
| Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. | |||||
| CVE-2017-18684 | 1 Google | 1 Android | 2020-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows provider seizure via an application that uses a custom provider. The Samsung ID is SVE-2016-6942 (February 2017). | |||||
| CVE-2018-21065 | 1 Google | 1 Android | 2020-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is an integer underflow in eCryptFS because of a missing size check. The Samsung ID is SVE-2017-11855 (August 2018). | |||||
| CVE-2017-18683 | 1 Google | 1 Android | 2020-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software. SVoice allows Hare Hunting during application installation. The Samsung ID is SVE-2016-6942 (February 2017). | |||||
| CVE-2020-5233 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2020-04-09 | 5.8 MEDIUM | 6.1 MEDIUM |
| OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0. | |||||
| CVE-2016-11039 | 1 Google | 1 Android | 2020-04-09 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software. There is a NULL pointer dereference issue in the IPC socket code. The Samsung ID is SVE-2016-5980 (July 2016). | |||||
| CVE-2018-21092 | 1 Google | 1 Android | 2020-04-09 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018). | |||||
| CVE-2020-5302 | 1 Mh-wikibot Project | 1 Mh-wikibot | 2020-04-09 | 6.4 MEDIUM | 6.5 MEDIUM |
| MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1. | |||||
| CVE-2019-18193 | 1 Unisys | 1 Stealth | 2020-04-09 | 6.9 MEDIUM | 7.5 HIGH |
| In Unisys Stealth (core) 3.4.108.0, 3.4.209.x, 4.0.027.x and 4.0.114, key material inadvertently logged under certain conditions. Fixed included in 3.4.109, 4.0.027.13, 4.0.125 and 5.0.013.0. | |||||
| CVE-2010-2091 | 1 Microsoft | 3 Exchange Server, Internet Explorer, Windows Server 2003 | 2020-04-09 | 4.3 MEDIUM | N/A |
| Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value. | |||||
| CVE-2015-9485 | 1 Accio Responsive Onepage Parallax Site Template Project | 1 Accio Responsive Onepage Parallax Site Template | 2020-04-09 | 5.0 MEDIUM | 7.5 HIGH |
| The ThemeMakers Accio Responsive Parallax One Page Site Template component through 2015-05-15 for WordPress allows remote attackers to obtain sensitive information (such as user_login, user_pass, and user_email values) via a direct request for the wp-content/uploads/tmm_db_migrate/wp_users.dat URI. | |||||
| CVE-2020-5282 | 1 Nick Chan Bot Project | 1 Nick Chan Bot | 2020-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta | |||||
| CVE-2005-0420 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 5.8 MEDIUM | N/A |
| Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application. | |||||
| CVE-2005-0738 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls. | |||||
| CVE-2004-0203 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query. | |||||
| CVE-2004-0840 | 1 Microsoft | 3 Exchange Server, Windows Server 2003, Windows Xp | 2020-04-09 | 10.0 HIGH | N/A |
| The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated. | |||||
| CVE-2004-0574 | 1 Microsoft | 4 Exchange Server, Windows 2000, Windows Nt and 1 more | 2020-04-09 | 10.0 HIGH | N/A |
| The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. | |||||
| CVE-2003-0714 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 7.5 HIGH | N/A |
| The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000. | |||||
| CVE-2003-0904 | 1 Microsoft | 3 Exchange Server, Sharepoint Services, Windows Server 2003 | 2020-04-09 | 6.0 MEDIUM | N/A |
| Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed. | |||||
| CVE-2003-0712 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script. | |||||
| CVE-2002-1790 | 1 Microsoft | 3 Exchange Server, Internet Information Server, Internet Information Services | 2020-04-09 | 5.0 MEDIUM | N/A |
| The SMTP service in Microsoft Internet Information Services (IIS) 4.0 and 5.0 allows remote attackers to bypass anti-relaying rules and send spam or spoofed messages via encapsulated SMTP addresses, a similar vulnerability to CVE-1999-0682. | |||||
| CVE-2002-1873 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 5.0 MEDIUM | N/A |
| Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls. | |||||
| CVE-2002-1876 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 2.1 LOW | N/A |
| Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. | |||||
| CVE-2001-0726 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 7.5 HIGH | N/A |
| Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message. | |||||
| CVE-2002-0054 | 1 Microsoft | 2 Exchange Server, Windows 2000 | 2020-04-09 | 7.5 HIGH | N/A |
| SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials. | |||||
| CVE-2002-0055 | 1 Microsoft | 3 Exchange Server, Windows 2000, Windows Xp | 2020-04-09 | 5.0 MEDIUM | N/A |
| SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | |||||