Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-1002104 | 1 Kubernetes | 1 Nginx Ingress Controller | 2020-01-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly. | |||||
| CVE-2020-0606 | 1 Microsoft | 10 .net Core, .net Framework, Windows 10 and 7 more | 2020-01-17 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605. | |||||
| CVE-2011-3203 | 1 Jcow | 1 Jcow Cms | 2020-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2. | |||||
| CVE-2012-4030 | 1 Chamilo | 1 Chamilo Lms | 2020-01-15 | 6.4 MEDIUM | 7.5 HIGH |
| Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files. | |||||
| CVE-2018-20684 | 1 Winscp | 1 Winscp | 2020-01-15 | 6.4 MEDIUM | 7.5 HIGH |
| In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp. | |||||
| CVE-2016-6585 | 1 Symantec | 1 Norton Mobile Security | 2020-01-15 | 3.5 LOW | 5.3 MEDIUM |
| A Denial of Service vulnerability exists in Symantec Norton Mobile Security for Android prior to 3.16, which could let a remote malicious user conduct a man-in-the-middle attack via specially crafted JavaScript. | |||||
| CVE-2016-6586 | 1 Symantec | 1 Norton Mobile Security | 2020-01-15 | 4.3 MEDIUM | 3.7 LOW |
| A security bypass vulnerability exists in Symantec Norton Mobile Security for Android before 3.16, which could let a malicious user conduct a man-in-the-middle via specially crafted JavaScript to add arbitrary URLs to the URL whitelist. | |||||
| CVE-2020-5519 | 1 Litespeedtech | 1 Openlitespeed | 2020-01-15 | 7.5 HIGH | 9.8 CRITICAL |
| The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. | |||||
| CVE-2019-15910 | 1 Asus | 14 As-101, As-101 Firmware, Dl-101 and 11 more | 2020-01-15 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on ASUS HG100, MW100, WS-101, TS-101, AS-101, MS-101, DL-101 devices using ZigBee PRO. Attackers can utilize the "discover ZigBee network procedure" to perform a denial of service attack. | |||||
| CVE-2019-6529 | 1 Kunbus | 2 Pr100088 Modbus Gateway, Pr100088 Modbus Gateway Firmware | 2020-01-12 | 6.8 MEDIUM | 4.9 MEDIUM |
| An attacker could specially craft an FTP request that could crash the PR100088 Modbus gateway versions prior to release R02 (or Software Version 1.1.13166). | |||||
| CVE-2009-2044 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2020-01-10 | 4.3 MEDIUM | N/A |
| Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element. | |||||
| CVE-2019-9668 | 1 Rovinbhandari Ftp Project | 1 Rovinbhandari Ftp | 2020-01-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in rovinbhandari FTP through 2012-03-28. receive_file in file_transfer_functions.c allows remote attackers to cause a denial of service (daemon crash) via a 0xffff datalen field value. | |||||
| CVE-2014-5118 | 3 Fedoraproject, Redhat, Trusted Boot Project | 3 Fedora, Enterprise Linux, Trusted Boot | 2020-01-10 | 2.1 LOW | 5.5 MEDIUM |
| Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability | |||||
| CVE-2016-2774 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2020-01-08 | 7.1 HIGH | 5.9 MEDIUM |
| ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. | |||||
| CVE-2011-2748 | 3 Canonical, Debian, Isc | 3 Ubuntu Linux, Debian Linux, Dhcp | 2020-01-08 | 7.8 HIGH | N/A |
| The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet. | |||||
| CVE-2014-0488 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 6.8 MEDIUM | N/A |
| APT before 1.0.9 does not "invalidate repository data" when moving from an unauthenticated to authenticated state, which allows remote attackers to have unspecified impact via crafted repository data. | |||||
| CVE-2014-0490 | 2 Debian, Linux | 2 Advanced Package Tool, Linux Kernel | 2020-01-08 | 7.5 HIGH | N/A |
| The apt-get download command in APT before 1.0.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. | |||||
| CVE-2014-0478 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 4.0 MEDIUM | N/A |
| APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature. | |||||
| CVE-2014-0489 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 7.5 HIGH | N/A |
| APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. | |||||
| CVE-2012-3587 | 1 Debian | 1 Advanced Package Tool | 2020-01-08 | 2.6 LOW | N/A |
| APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack. | |||||