Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25608 | 1 Mitel | 1 Micollab | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection. | |||||
| CVE-2020-25606 | 1 Mitel | 1 Micollab | 2021-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS. | |||||
| CVE-2020-0174 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Parse_ptbl of eas_mdls.c, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-127313537 | |||||
| CVE-2020-0160 | 1 Google | 1 Android | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| In setSyncSampleParams of SampleTable.cpp, there is possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-124771364 | |||||
| CVE-2019-8857 | 1 Apple | 2 Ipados, Iphone Os | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel. | |||||
| CVE-2019-1010245 | 1 Linuxfoundation | 1 Open Network Operating System | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Linux Foundation ONOS SDN Controller 1.15 and earlier versions is affected by: Improper Input Validation. The impact is: A remote attacker can execute arbitrary commands on the controller. The component is: apps/yang/src/main/java/org/onosproject/yang/impl/YangLiveCompilerManager.java. The attack vector is: network connectivity. The fixed version is: 1.15. | |||||
| CVE-2020-3954 | 1 Vmware | 1 Vrealize Log Insight | 2021-07-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. | |||||
| CVE-2019-8515 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A cross-origin issue existed with the fetch API. This was addressed with improved input validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2020-7614 | 1 Npm-programmatic Project | 1 Npm-programmatic | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly. | |||||
| CVE-2020-3893 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-3698 | 1 Qualcomm | 92 Apq8009, Apq8009 Firmware, Apq8017 and 89 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM8150, SM8250, SXR2130 | |||||
| CVE-2020-4896 | 1 Ibm | 1 Emptoris Sourcing | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987. | |||||
| CVE-2019-19416 | 1 Huawei | 100 Ar120-s, Ar120-s Firmware, Ar1200 and 97 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The SIP module of some Huawei products have a denial of service (DoS) vulnerability. A remote attacker could exploit these three vulnerabilities by sending the specially crafted messages to the affected device. Due to the insufficient verification of the packets, successful exploit could allow the attacker to cause buffer overflow and dead loop, leading to DoS condition. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-sip-en. | |||||
| CVE-2020-0192 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144687080 | |||||
| CVE-2020-0910 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 7.7 HIGH | 8.4 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | |||||
| CVE-2020-11200 | 1 Qualcomm | 330 Apq8053, Apq8064au, Apq8096au and 327 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-27614 | 1 Anydesk | 1 Anydesk | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation. | |||||
| CVE-2020-9127 | 1 Huawei | 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Some Huawei products have a command injection vulnerability. Due to insufficient input validation, an attacker with high privilege may inject some malicious codes in some files of the affected products. Successful exploit may cause command injection.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60. | |||||
| CVE-2020-35789 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by command injection by an authenticated user. | |||||
| CVE-2020-3653 | 1 Qualcomm | 10 Msm8998, Msm8998 Firmware, Qca6390 and 7 more | 2021-07-21 | 9.4 HIGH | 9.1 CRITICAL |
| Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850 | |||||