Total
23726 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7175 | 1 Farsite | 2 Farlinx X25 Gateway, Farlinx X25 Gateway Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php. | |||||
| CVE-2019-20621 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos chipsets) software. There is a baseband heap overflow. The Samsung ID is SVE-2018-13187 (February 2019). | |||||
| CVE-2020-15781 | 1 Siemens | 2 Sicam A8000, Sicam A8000 Firmware | 2023-12-10 | 6.8 MEDIUM | 9.6 CRITICAL |
| A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application. | |||||
| CVE-2020-7617 | 1 Ini-parser Project | 1 Ini-parser | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload. | |||||
| CVE-2019-17560 | 2 Apache, Oracle | 2 Netbeans, Graalvm | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. “Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability. | |||||
| CVE-2020-15801 | 3 Microsoft, Netapp, Python | 3 Windows, Max Data, Python | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected. | |||||
| CVE-2020-5560 | 1 Wl-enq Project | 1 Wl-enq | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors. | |||||
| CVE-2020-9278 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The device can be reset to its default configuration by accessing an unauthenticated URL. | |||||
| CVE-2019-10622 | 1 Qualcomm | 40 Apq8009, Apq8009 Firmware, Apq8096au and 37 more | 2023-12-10 | 3.6 LOW | 9.1 CRITICAL |
| Out of bound memory access can happen while parsing ADSP message due to lack of check of size of payload received from userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, QCN7605, QCS605, SC8180X, SDM710, SDX24, SDX55, SM8150, SM8250, SXR2130 | |||||
| CVE-2020-3847 | 1 Apple | 1 Mac Os X | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory. | |||||
| CVE-2020-5594 | 1 Mitsubishielectric | 10 Melsec-fx, Melsec-fx Firmware, Melsec-l and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules all versions contain a vulnerability that allows cleartext transmission of sensitive information between CPU modules and GX Works3 and/or GX Works2 via unspecified vectors. | |||||
| CVE-2020-11624 | 1 Avertx | 4 Hd438, Hd438 Firmware, Hd838 and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Outdoor IP Dome Camera HD838 and Night Vision HD Indoor/Outdoor Mini IP Bullet Camera HD438. They do not require users to change the default password for the admin account. They only show a pop-up window suggesting a change but there's no enforcement. An administrator can click Cancel and proceed to use the device without changing the password. Additionally, they disclose the default username within the login.js script. Since many attacks for IoT devices, including malware and exploits, are based on the usage of default credentials, it makes these cameras an easy target for malicious actors. | |||||
| CVE-2020-17496 | 1 Vbulletin | 1 Vbulletin | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. | |||||
| CVE-2020-15178 | 1 Prestashop | 1 Contactform | 2023-12-10 | 4.3 MEDIUM | 9.3 CRITICAL |
| In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScript in a victim's browser. | |||||
| CVE-2020-15903 | 1 Nagios | 1 Nagios Xi | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3. | |||||
| CVE-2020-11698 | 1 Titanhq | 1 Spamtitan | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target server. | |||||
| CVE-2020-13226 | 1 Wso2 | 1 Api Manager | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet. | |||||
| CVE-2019-19606 | 1 X-plane | 1 X-plane | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands on the system. | |||||
| CVE-2020-3936 | 1 Unisoon | 2 Ultralog Express, Ultralog Express Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| UltraLog Express device management interface does not properly filter user inputted string in some specific parameters, attackers can inject arbitrary SQL command. | |||||
| CVE-2020-3699 | 1 Qualcomm | 94 Apq8009, Apq8009 Firmware, Apq8017 and 91 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||