Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17636 | 1 Eclipse | 1 Theia | 2020-03-11 | 5.8 MEDIUM | 8.1 HIGH |
| In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre-packaged Theia extensions is "Mini-Browser", published as "@theia/mini-browser" on npmjs.com. This extension, for its own needs, exposes an HTTP endpoint that allows reading the content of files on the host's filesystem, given their path, without restrictions on the requester's origin. This design is vulnerable to being exploited remotely through a DNS rebinding attack or a drive-by download of a carefully crafted exploit. | |||||
| CVE-2020-0048 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 5.5 MEDIUM |
| In onTransact of IAudioFlinger.cpp, there is a possible stack information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-139417189 | |||||
| CVE-2020-6407 | 1 Google | 1 Chrome | 2020-03-11 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-0049 | 1 Google | 1 Android | 2020-03-11 | 4.3 MEDIUM | 6.5 MEDIUM |
| In onReadBuffer() of StreamingSource.cpp, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140177694 | |||||
| CVE-2020-0042 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-137649599 | |||||
| CVE-2020-0043 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-137650218 | |||||
| CVE-2020-0062 | 1 Google | 1 Android | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| In Euicc, there is a possible information disclosure due to an included test Certificate. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-143232031 | |||||
| CVE-2020-0056 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 5.5 MEDIUM |
| In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141619686 | |||||
| CVE-2020-0057 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 5.5 MEDIUM |
| In btm_process_inq_results of btm_inq.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141620271 | |||||
| CVE-2019-11938 | 1 Facebook | 1 Thrift | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| Java Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2019.12.09.00. | |||||
| CVE-2019-3553 | 1 Facebook | 1 Thrift | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| C++ Facebook Thrift servers would not error upon receiving messages declaring containers of sizes larger than the payload. As a result, malicious clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. This issue affects Facebook Thrift prior to v2020.02.03.00. | |||||
| CVE-2020-0053 | 1 Google | 1 Android | 2020-03-11 | 4.6 MEDIUM | 6.7 MEDIUM |
| In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanDataPathIndicationResponseToLegacy of hidl_struct_util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-143789898 | |||||
| CVE-2020-0054 | 1 Google | 1 Android | 2020-03-11 | 4.6 MEDIUM | 7.8 HIGH |
| In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java, there is a possible permission revocation due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-146642727 | |||||
| CVE-2020-0058 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141745011 | |||||
| CVE-2020-0044 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-137650219 | |||||
| CVE-2018-6845 | 1 Olx Clone Script Project | 1 Olx Clone Script | 2020-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field. | |||||
| CVE-2018-6858 | 1 Facebook Clone Script Project | 1 Facebook Clone Script | 2020-03-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone Script. | |||||
| CVE-2018-6860 | 1 Schools Alert Management Script Project | 1 Schools Alert Management Script | 2020-03-11 | 6.5 MEDIUM | 8.8 HIGH |
| Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture. | |||||
| CVE-2018-6861 | 1 Lawyer Search Script Project | 1 Lawyer Search Script | 2020-03-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search Script 1.0.2 via a profile update parameter. | |||||
| CVE-2013-2830 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2020-03-11 | 9.3 HIGH | 7.8 HIGH |
| Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 allows remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2020-0059 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 5.5 MEDIUM |
| In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-142543524 | |||||
| CVE-2020-0060 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 4.4 MEDIUM |
| In query of SmsProvider.java and MmsSmsProvider.java, there is a possible permission bypass due to SQL injection. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-143229845 | |||||
| CVE-2009-1605 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2020-03-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the loadexponentialfunc function in mupdf/pdf_function.c in MuPDF in the mupdf-20090223-win32 package, as used in SumatraPDF 0.9.3 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4117 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2020-03-11 | 9.3 HIGH | N/A |
| Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4895 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2020-03-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4896. | |||||
| CVE-2012-4896 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2020-03-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in SumatraPDF before 2.1 allows remote attackers to execute arbitrary code via a crafted PDF document, a different vulnerability than CVE-2012-4895. | |||||
| CVE-2020-0083 | 1 Google | 1 Android | 2020-03-11 | 5.0 MEDIUM | 7.5 HIGH |
| In setRequirePmfInternal of sta_network.cpp, there is a possible default value being improperly applied due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-142797954 | |||||
| CVE-2020-0032 | 1 Google | 1 Android | 2020-03-11 | 9.3 HIGH | 8.8 HIGH |
| In ih264d_release_display_bufs of ih264d_utils.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-145364230 | |||||
| CVE-2020-0031 | 1 Google | 1 Android | 2020-03-11 | 4.7 MEDIUM | 5.0 MEDIUM |
| In triggerAugmentedAutofillLocked and related functions of Session.java, it is possible for Augmented Autofill to display sensitive information to the user inappropriately. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-141703197 | |||||
| CVE-2020-0010 | 1 Google | 1 Android | 2020-03-11 | 7.2 HIGH | 6.7 MEDIUM |
| In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-137014293. References: N/A | |||||
| CVE-2020-0011 | 1 Google | 1 Android | 2020-03-11 | 7.2 HIGH | 6.7 MEDIUM |
| In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-137648045. References: N/A | |||||
| CVE-2020-0012 | 1 Google | 1 Android | 2020-03-11 | 7.2 HIGH | 6.7 MEDIUM |
| In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-137648844 | |||||
| CVE-2020-0029 | 1 Google | 1 Android | 2020-03-11 | 2.1 LOW | 2.3 LOW |
| In the WifiConfigManager, there is a possible storage of location history which can only be deleted by triggering a factory reset. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140065828 | |||||
| CVE-2012-1094 | 1 Redhat | 1 Jboss Application Server | 2020-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. | |||||
| CVE-2019-13007 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.11 through 12.0.2. When an admin enabled one of the service templates, it was triggering an action that leads to resource depletion. It allows Uncontrolled Resource Consumption. | |||||
| CVE-2016-9158 | 1 Siemens | 21 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 314, Simatic S7-300 Cpu 315-2 Dp and 18 more | 2020-03-10 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system. | |||||
| CVE-2016-9159 | 1 Siemens | 21 Simatic S7-300 Cpu 312, Simatic S7-300 Cpu 314, Simatic S7-300 Cpu 315-2 Dp and 18 more | 2020-03-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices. | |||||
| CVE-2016-1487 | 1 Lexmark | 1 Markvision Enterprise | 2020-03-10 | 6.8 MEDIUM | 8.8 HIGH |
| Lexmark Markvision Enterprise before 2.3.0 misuses the Apache Commons Collections Library, leading to remote code execution because of Java deserialization. | |||||
| CVE-2011-4538 | 1 Lexmark | 66 C540, C540 Firmware, C543 and 63 more | 2020-03-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. | |||||
| CVE-2011-3269 | 1 Lexmark | 168 25xxn, 25xxn Firmware, 6500e and 165 more | 2020-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. | |||||
| CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2020-03-10 | 4.9 MEDIUM | 5.5 MEDIUM |
| NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | |||||
| CVE-2019-12444 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.9 through 11.11. Wiki Pages contained a lack of input validation which resulted in a persistent XSS vulnerability. | |||||
| CVE-2019-13001 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.9 and later through 12.0.2. GitLab Snippets were vulnerable to an authorization issue that allowed unauthorized users to add comments to a private snippet. It allows authentication bypass. | |||||
| CVE-2019-12445 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. A malicious user could execute JavaScript code on notes by importing a specially crafted project file. It allows XSS. | |||||
| CVE-2019-12443 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in GitLab Community and Enterprise Edition 10.2 through 11.11. Multiple features contained Server-Side Request Forgery (SSRF) vulnerabilities caused by an insufficient validation to prevent DNS rebinding attacks. | |||||
| CVE-2019-12441 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained an access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control. | |||||
| CVE-2019-12442 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Enterprise Edition 11.7 through 11.11. The epic details page contained a lack of input validation and output encoding issue which resulted in a persistent XSS vulnerability on child epics. | |||||
| CVE-2019-12446 | 1 Gitlab | 1 Gitlab | 2020-03-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message. | |||||
| CVE-2020-8987 | 1 Avast | 2 Antitrack, Avg Antitrack | 2020-03-10 | 5.8 MEDIUM | 7.4 HIGH |
| Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.) | |||||
| CVE-2017-17625 | 1 On Demand Marketplace Script Project | 1 On Demand Marketplace Script | 2020-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| Professional Service Script 1.0 has SQL Injection via the service-list city parameter. | |||||
