Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11289 | 1 Cloudfoundry | 2 Cf-deployment, Routing-release | 2020-01-03 | 7.8 HIGH | 8.6 HIGH |
| Cloud Foundry Routing, all versions before 0.193.0, does not properly validate nonce input. A remote unauthenticated malicious user could forge an HTTP route service request using an invalid nonce that will cause the Gorouter to crash. | |||||
| CVE-2019-11086 | 1 Intel | 1 Active Management Technology Firmware | 2020-01-02 | 4.6 MEDIUM | 6.8 MEDIUM |
| Insufficient input validation in subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2019-11102 | 1 Intel | 2 Dynamic Application Loader, Trusted Execution Engine Firmware | 2020-01-02 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2019-11100 | 1 Intel | 1 Active Management Technology Firmware | 2020-01-02 | 2.1 LOW | 4.6 MEDIUM |
| Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2019-0166 | 1 Intel | 1 Active Management Technology Firmware | 2020-01-02 | 5.0 MEDIUM | 7.5 HIGH |
| Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. | |||||
| CVE-2019-0131 | 1 Intel | 1 Active Management Technology Firmware | 2020-01-02 | 4.8 MEDIUM | 8.1 HIGH |
| Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. | |||||
| CVE-2019-11107 | 1 Intel | 1 Active Management Technology Firmware | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2019-19398 | 1 Huawei | 2 M5 Lite 10, M5 Lite 10 Firmware | 2020-01-02 | 7.5 HIGH | 9.8 CRITICAL |
| M5 lite 10 with versions of 8.0.0.182(C00) have an insufficient input validation vulnerability. Due to the input validation logic is incorrect, an attacker can exploit this vulnerability to modify the memory of the device by doing a series of operations. Successful exploit may lead to malicious code execution. | |||||
| CVE-2019-11103 | 1 Intel | 1 Converged Security Management Engine Firmware | 2020-01-02 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-14609 | 1 Intel | 38 Cd1iv128mk, Cd1iv128mk Firmware, Cd1m3128mk and 35 more | 2020-01-02 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation in firmware for Intel(R) NUC(R) may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2019-0168 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2020-01-02 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 12.0.45 and 13.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2019-0165 | 1 Intel | 1 Converged Security Management Engine Firmware | 2020-01-02 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient Input validation in the subsystem for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2019-11087 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2020-01-02 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of service via local access. | |||||
| CVE-2019-11101 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2020-01-02 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in the subsystem for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2019-11104 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2020-01-02 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2012-6111 | 2 Debian, Gnome | 2 Debian Linux, Gnome Keyring | 2020-01-02 | 5.0 MEDIUM | 7.5 HIGH |
| gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function | |||||
| CVE-2019-11088 | 1 Intel | 1 Active Management Technology Firmware | 2019-12-31 | 5.8 MEDIUM | 8.8 HIGH |
| Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2019-8502 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2019-12-31 | 4.3 MEDIUM | 3.3 LOW |
| An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, tvOS 12.2, watchOS 5.2. A malicious application may be able to initiate a Dictation request without user authorization. | |||||
| CVE-2019-7292 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2019-12-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may result in the disclosure of process memory. | |||||
| CVE-2019-8503 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2019-12-31 | 9.3 HIGH | 8.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. A malicious website may be able to execute scripts in the context of another website. | |||||