Total
9398 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8654 | 1 Apple | 1 Safari | 2019-12-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.1. Visiting a malicious website may lead to user interface spoofing. | |||||
| CVE-2019-8637 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2019-12-19 | 9.3 HIGH | 7.8 HIGH |
| An input validation issue was addressed with improved input validation. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to gain root privileges. | |||||
| CVE-2019-8670 | 1 Apple | 2 Mac Os X, Safari | 2019-12-19 | 4.3 MEDIUM | 4.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.6, Safari 12.1.2. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2019-13932 | 1 Siemens | 1 Xhq | 2019-12-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in XHQ (All versions < V6.0.0.2). The web application requests could be manipulated, causing the the application to behave in unexpected ways for legitimate users. Successful exploitation does not require for an attacker to be authenticated. A successful attack could allow the import of scripts or generation of malicious links. This could allow the attacker to read or modify contents of the web application. At the time of advisory publication no public exploitation of this security vulnerability was known. | |||||
| CVE-2019-5260 | 1 Huawei | 4 View 20, View 20 Firmware, Y9 2019 and 1 more | 2019-12-18 | 6.1 MEDIUM | 6.5 MEDIUM |
| Huawei smartphones HUAWEI Y9 2019 and Honor View 20 have a denial of service vulnerability. Due to insufficient input validation of specific value when parsing the messages, an attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices to exploit this vulnerability. Successful exploit may cause an infinite loop and the device to reboot. | |||||
| CVE-2013-0243 | 1 Haskell | 1 Hs-tls | 2019-12-17 | 5.8 MEDIUM | 7.4 HIGH |
| haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections | |||||
| CVE-2009-4028 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2019-12-17 | 6.8 MEDIUM | N/A |
| The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library. | |||||
| CVE-2006-4227 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2019-12-17 | 6.5 MEDIUM | N/A |
| MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. | |||||
| CVE-2019-14243 | 1 Haproxy | 1 Proxyprotocol | 2019-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| headerv2.go in mastercactapus proxyprotocol before 0.0.2, as used in the mastercactapus caddy-proxyprotocol plugin through 0.0.2 for Caddy, allows remote attackers to cause a denial of service (webserver panic and daemon crash) via a crafted HAProxy PROXY v2 request with truncated source/destination address data. | |||||
| CVE-2019-19396 | 1 Omniosce | 1 Omnios | 2019-12-16 | 7.8 HIGH | 7.5 HIGH |
| illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences. | |||||
| CVE-2019-15705 | 1 Fortinet | 1 Fortios | 2019-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| An Improper Input Validation vulnerability in the SSL VPN portal of FortiOS versions 6.2.1 and below, and 6.0.6 and below may allow an unauthenticated remote attacker to crash the SSL VPN service by sending a crafted POST request. | |||||
| CVE-2013-4245 | 2 Debian, Gnome | 2 Debian Linux, Orca | 2019-12-13 | 4.4 MEDIUM | 7.3 HIGH |
| Orca has arbitrary code execution due to insecure Python module load | |||||
| CVE-2019-17555 | 1 Apache | 1 Olingo | 2019-12-13 | 5.0 MEDIUM | 7.5 HIGH |
| The AsyncResponseWrapperImpl class in Apache Olingo versions 4.0.0 to 4.6.0 reads the Retry-After header and passes it to the Thread.sleep() method without any check. If a malicious server returns a huge value in the header, then it can help to implement a DoS attack. | |||||
| CVE-2013-2103 | 1 Redhat | 1 Openshift | 2019-12-13 | 5.5 MEDIUM | 8.1 HIGH |
| OpenShift cartridge allows remote URL retrieval | |||||
| CVE-2019-1484 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-12-13 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | |||||
| CVE-2019-1471 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2019-12-13 | 6.5 MEDIUM | 8.2 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Windows Hyper-V Remote Code Execution Vulnerability'. | |||||
| CVE-2013-1689 | 1 Mozilla | 1 Firefox | 2019-12-13 | 4.3 MEDIUM | 6.5 MEDIUM |
| Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames. | |||||
| CVE-2013-3634 | 1 Siemens | 7 Scalance X200-4p Irt, Scalance X200irt Firmware, Scalance X201-3p Irt and 4 more | 2019-12-12 | 7.5 HIGH | N/A |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials. | |||||
| CVE-2019-19249 | 1 Querytreeapp | 1 Querytree | 2019-12-11 | 7.5 HIGH | 9.8 CRITICAL |
| Controllers/InvitationsController.cs in QueryTree before 3.0.99-beta mishandles invitations. | |||||
| CVE-2019-15988 | 1 Cisco | 1 Email Security Appliance Firmware | 2019-12-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device. | |||||