Total
263119 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-9998 | 1 Qualcomm | 58 Ipq4019, Ipq4019 Firmware, Ipq8064 and 55 more | 2024-09-17 | N/A |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 625, SD 808, SD 810, SD 820, and SDX20, while processing firmware image signature, the internal buffer may overflow if the firmware signature size is large. | ||||
CVE-2010-2151 | 1 Fujitsu | 1 E-pares | 2024-09-17 | N/A |
Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown vectors. | ||||
CVE-2005-1650 | 1 Woppoware | 1 Postmaster | 2024-09-17 | N/A |
The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | ||||
CVE-2017-15813 | 1 Google | 1 Android | 2024-09-17 | N/A |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs. | ||||
CVE-2019-1853 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-09-17 | N/A |
A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by crafting HTTP traffic for the affected component to download and process. A successful exploit could allow the attacker to read sensitive information on the affected system. | ||||
CVE-2017-18247 | 1 Libav | 1 Libav | 2024-09-17 | N/A |
The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted media file. | ||||
CVE-2021-1187 | 1 Cisco | 9 Application Extension Platform, Rv110w, Rv110w Firmware and 6 more | 2024-09-17 | 7.2 High |
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition. To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities. | ||||
CVE-2010-2349 | 1 Timhillone | 1 H264webcam | 2024-09-17 | N/A |
H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information. | ||||
CVE-2018-1000647 | 1 Librehealth | 1 Librehealth Ehr | 2024-09-17 | N/A |
LibreHealthIO lh-ehr version REL-2.0.0 contains a Authenticated Unrestricted File Deletion vulnerability in Import template that can result in Denial of service. This attack appear to be exploitable via User controlled parameter. | ||||
CVE-2011-0766 | 2 Erlang, Ssh | 3 Crypto, Erlang\/otp, Ssh | 2024-09-17 | N/A |
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. | ||||
CVE-2020-4475 | 1 Ibm | 1 Sterling B2b Integrator | 2024-09-17 | 6.5 Medium |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
CVE-2018-3999 | 1 Atlantiswordprocessor | 1 Atlantis Word Processor | 2024-09-17 | 7.8 High |
An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is then treated as unsigned and then used in a copying operation. Due to the length underflow, the application will then write outside the bounds of a stack buffer, resulting in a buffer overflow. An attacker must convince a victim to open a document in order to trigger this vulnerability. | ||||
CVE-2006-4352 | 1 Cisco | 1 Content Services Switch 11000 | 2024-09-17 | N/A |
The ArrowPoint cookie functionality for Cisco 11000 series Content Service Switches specifies an internal IP address if the administrator does not specify a string option, which allows remote attackers to obtain sensitive information. | ||||
CVE-2021-32538 | 1 Artware Cms Project | 1 Artware Cms | 2024-09-17 | 9.8 Critical |
ARTWARE CMS parameter of image upload function does not filter the type of upload files which allows remote attackers can upload arbitrary files without logging in, and further execute code unrestrictedly. | ||||
CVE-2017-1350 | 1 Ibm | 1 Infosphere Information Server | 2024-09-17 | N/A |
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526. | ||||
CVE-2017-1000417 | 1 Matrixssl | 1 Matrixssl | 2024-09-17 | N/A |
MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates. | ||||
CVE-2019-4098 | 1 Ibm | 1 Cloud Pak System | 2024-09-17 | 5.4 Medium |
IBM Cloud Pak System 2.3 and 2.3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 158020. | ||||
CVE-2020-4516 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-09-17 | 5.4 Medium |
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371. | ||||
CVE-2016-10386 | 1 Google | 1 Android | 2024-09-17 | N/A |
In all Qualcomm products with Android releases from CAF using the Linux kernel, an array index out of bounds vulnerability exists in LPP. | ||||
CVE-2016-10610 | 1 Unicode | 1 Unicode-json | 2024-09-17 | N/A |
unicode-json is a unicode lookup table. unicode-json before 2.0.0 downloads data resources over HTTP, which leaves it vulnerable to MITM attacks. |