Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-1947 | 1 Cisco | 2 Asyncos, Email Security Appliance | 2020-10-01 | 7.8 HIGH | 8.6 HIGH |
| A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA. | |||||
| CVE-2019-7178 | 1 Pexip | 1 Pexip Infinity | 2020-09-30 | 9.0 HIGH | 7.2 HIGH |
| Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup. | |||||
| CVE-2020-11805 | 1 Pexip | 2 Pexip Infinity, Reverse Proxy And Turn Server | 2020-09-30 | 9.3 HIGH | 9.8 CRITICAL |
| Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. | |||||
| CVE-2020-12824 | 1 Pexip | 1 Pexip Infinity | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. | |||||
| CVE-2020-13387 | 1 Pexip | 1 Pexip Infinity | 2020-09-30 | 5.0 MEDIUM | 7.5 HIGH |
| Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. | |||||
| CVE-2020-24615 | 1 Pexip | 1 Pexip Infinity | 2020-09-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. | |||||
| CVE-2015-1855 | 3 Debian, Puppet, Ruby-lang | 5 Debian Linux, Puppet Agent, Puppet Enterprise and 2 more | 2020-09-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters. | |||||
| CVE-2020-4324 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2020-09-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515. | |||||
| CVE-2016-6380 | 1 Cisco | 6 Ios, Ios Xe, Ios Xe 3.2ja and 3 more | 2020-09-29 | 8.3 HIGH | 8.1 HIGH |
| The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.15 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (data corruption or device reload) via a crafted DNS response, aka Bug ID CSCup90532. | |||||
| CVE-2019-18228 | 1 Honeywell | 50 H2w2gr1, H2w2gr1 Firmware, H2w2pc1m and 47 more | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| Honeywell equIP series IP cameras Multiple equIP Series Cameras, A vulnerability exists in the affected products where a specially crafted HTTP packet request could result in a denial of service. | |||||
| CVE-2019-11071 | 2 Debian, Spip | 2 Debian Linux, Spip | 2020-09-28 | 6.5 MEDIUM | 8.8 HIGH |
| SPIP 3.1 before 3.1.10 and 3.2 before 3.2.4 allows authenticated visitors to execute arbitrary code on the host server because var_memotri is mishandled. | |||||
| CVE-2020-10715 | 1 Redhat | 1 Openshift | 2020-09-28 | 4.3 MEDIUM | 4.3 MEDIUM |
| A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows an attacker to craft a URL and inject arbitrary text onto the error page that appears to be from the OpenShift instance. This attack could potentially convince a user that the inserted text is legitimate. | |||||
| CVE-2011-1248 | 1 Microsoft | 2 Windows Server 2003, Windows Server 2008 | 2020-09-28 | 9.3 HIGH | N/A |
| WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability." | |||||
| CVE-2011-2004 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 7.1 HIGH | N/A |
| Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402. | |||||
| CVE-2012-2549 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2012 | 2020-09-28 | 5.8 MEDIUM | N/A |
| The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability." | |||||
| CVE-2019-1389 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2020-09-28 | 7.7 HIGH | 8.4 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1397, CVE-2019-1398. | |||||
| CVE-2011-1966 | 1 Microsoft | 1 Windows Server 2008 | 2020-09-28 | 10.0 HIGH | N/A |
| The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability." | |||||
| CVE-2019-1397 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2020-09-28 | 7.7 HIGH | 8.4 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1389, CVE-2019-1398. | |||||
| CVE-2012-0152 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2020-09-28 | 4.3 MEDIUM | N/A |
| The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability." | |||||
| CVE-2020-0362 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-123237930 | |||||