Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0363 | 1 Google | 1 Android | 2020-09-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libmedia, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-132274514 | |||||
| CVE-2020-14513 | 1 Wibu | 1 Codemeter | 2020-09-22 | 5.0 MEDIUM | 7.5 HIGH |
| CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. | |||||
| CVE-2020-4618 | 1 Ibm | 1 Data Risk Manager | 2020-09-22 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937. | |||||
| CVE-2020-0320 | 1 Google | 1 Android | 2020-09-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129282427 | |||||
| CVE-2020-0333 | 1 Google | 1 Android | 2020-09-21 | 7.5 HIGH | 9.8 CRITICAL |
| In UrlQuerySanitizer, there is a possible improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-73822755 | |||||
| CVE-2020-0351 | 1 Google | 1 Android | 2020-09-21 | 7.1 HIGH | 6.5 MEDIUM |
| In libstagefright, there is possible CPU exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124777537 | |||||
| CVE-2020-0301 | 1 Google | 1 Android | 2020-09-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In libstagefright, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-124940460 | |||||
| CVE-2020-13317 | 1 Gitlab | 1 Gitlab | 2020-09-16 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8, and 13.3.4. An insufficient check in the GraphQL api allowed a maintainer to delete a repository. | |||||
| CVE-2012-6696 | 1 Inspircd | 1 Inspircd | 2020-09-14 | 7.5 HIGH | 9.8 CRITICAL |
| inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836. | |||||
| CVE-2015-8702 | 2 Debian, Inspircd | 2 Debian Linux, Inspircd | 2020-09-14 | 7.8 HIGH | 8.6 HIGH |
| The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\032" (whitespace) character in a hostname. | |||||
| CVE-2020-1890 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2020-09-11 | 5.0 MEDIUM | 7.5 HIGH |
| A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction. | |||||
| CVE-2020-24940 | 1 Laravel | 1 Laravel | 2020-09-11 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment. | |||||
| CVE-2020-7830 | 1 Raonwiz | 1 Raon Kupload | 2020-09-11 | 6.8 MEDIUM | 7.8 HIGH |
| RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier. | |||||
| CVE-2020-4693 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more | 2020-09-10 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782. | |||||
| CVE-2017-16845 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2020-09-10 | 6.4 MEDIUM | 10.0 CRITICAL |
| hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access. | |||||
| CVE-2016-2381 | 5 Canonical, Debian, Opensuse and 2 more | 10 Ubuntu Linux, Debian Linux, Opensuse and 7 more | 2020-09-10 | 5.0 MEDIUM | 7.5 HIGH |
| Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp. | |||||
| CVE-2013-6887 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 6.4 MEDIUM | N/A |
| OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors. | |||||
| CVE-2013-6053 | 1 Uclouvain | 1 Openjpeg | 2020-09-09 | 5.0 MEDIUM | N/A |
| OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information via unspecified vectors that trigger a heap-based out-of-bounds read. | |||||
| CVE-2020-13594 | 1 Espressif | 2 Esp-idf, Esp32 | 2020-09-08 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.2 and earlier (for ESP32 devices) does not properly restrict the channel map field of the connection request packet on reception, allowing attackers in radio range to cause a denial of service (crash) via a crafted packet. | |||||
| CVE-2017-13061 | 1 Imagemagick | 1 Imagemagick | 2020-09-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ImageMagick 7.0.6-5, a length-validation vulnerability was found in the function ReadPSDLayersInternal in coders/psd.c, which allows attackers to cause a denial of service (ReadPSDImage memory exhaustion) via a crafted file. | |||||