Total
64889 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28824 | 1 Tibco | 1 Activespaces | 2023-12-10 | 4.6 MEDIUM | 8.8 HIGH |
The Windows Installation component of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.5.0 and below, TIBCO ActiveSpaces - Developer Edition: versions 4.5.0 and below, and TIBCO ActiveSpaces - Enterprise Edition: versions 4.5.0 and below. | |||||
CVE-2020-9782 | 1 Apple | 1 Mac Os X | 2023-12-10 | 6.4 MEDIUM | 7.5 HIGH |
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files. | |||||
CVE-2020-27861 | 1 Netgear | 71 Cbk40, Cbk40 Firmware, Cbk43 and 68 more | 2023-12-10 | 8.3 HIGH | 8.8 HIGH |
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR Orbi 2.5.1.16 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UA_Parser utility. A crafted Host Name option in a DHCP request can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-11076. | |||||
CVE-2021-27186 | 1 Treasuredata | 1 Fluent Bit | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c. | |||||
CVE-2020-35553 | 2 Google, Qualcomm | 2 Android, Sm8250 | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allows attackers to cause a denial of service (unlock failure) by triggering a power-shortage incident that causes a false-positive attack detection. The Samsung ID is SVE-2020-19678 (December 2020). | |||||
CVE-2020-27713 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory. | |||||
CVE-2020-3863 | 1 Apple | 1 Mac Os X | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to execute arbitrary code with system privileges. | |||||
CVE-2020-26980 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing JT files. A crafted JT file could trigger a type confusion condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11881) | |||||
CVE-2019-14479 | 1 Adremsoft | 1 Netcrunch | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution. In the NetCrunch web client, a read-only administrator can execute arbitrary code on the server running the NetCrunch server software. | |||||
CVE-2020-35362 | 1 Dext5 | 1 Dext5upload | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). | |||||
CVE-2021-1062 | 5 Citrix, Nutanix, Nvidia and 2 more | 5 Hypervisor, Ahv, Virtual Gpu Manager and 2 more | 2023-12-10 | 3.6 LOW | 7.1 HIGH |
NVIDIA vGPU manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3). | |||||
CVE-2020-26896 | 1 Lightning Network Daemon Project | 1 Lightning Network Daemon | 2023-12-10 | 5.8 MEDIUM | 8.2 HIGH |
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collision with an invoice, the preimage for an expected payment was instead released. A malicious peer could have deliberately intercepted an HTLC intended for the victim node, probed the preimage through a colluding relayed HTLC, and stolen the intercepted HTLC. The impact is a loss of funds in certain situations, and a weakening of the victim's receiver privacy. | |||||
CVE-2021-26914 | 1 Netmotionsoftware | 1 Netmotion Mobility | 2023-12-10 | 9.3 HIGH | 8.1 HIGH |
NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in MvcUtil valueStringToObject. | |||||
CVE-2020-28091 | 1 Cxuu | 1 Cxuucms | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php. | |||||
CVE-2021-3019 | 1 Lanproxy Project | 1 Lanproxy | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet. | |||||
CVE-2020-15681 | 1 Mozilla | 1 Firefox | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. | |||||
CVE-2019-8696 | 1 Apple | 1 Mac Os X | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. | |||||
CVE-2020-8258 | 1 Citrix | 1 Gateway Plug-in | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. | |||||
CVE-2020-9893 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
CVE-2021-0385 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In createConnectToAvailableNetworkNotification of ConnectToNetworkNotificationBuilder.java, there is a possible connection to untrusted WiFi networks due to notification interaction above the lockscreen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-172584372 |