Total
415 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10552 | 1 Infragistics | 1 Igniteui | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. | |||||
| CVE-2016-10443 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, packet replay may be possible. | |||||
| CVE-2016-0332 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695. | |||||
| CVE-2016-0274 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to conduct clickjacking attacks via a crafted web site. IBM X-Force ID: 111076. | |||||
| CVE-2015-9331 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. | |||||
| CVE-2015-9318 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. | |||||
| CVE-2015-9243 | 1 Hapijs | 1 Hapi | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`). | |||||
| CVE-2015-1142857 | 3 Dpdk, Intel, Linux | 13 Dpdk, 82576, 82576 Firmware and 10 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. | |||||
| CVE-2014-6050 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. | |||||
| CVE-2014-5334 | 1 Freenas | 1 Freenas | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login. | |||||
| CVE-2014-1428 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 5.0 MEDIUM | 2.0 LOW |
| A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2014-10063 | 1 Qualcomm | 4 Mdm9625, Mdm9625 Firmware, Sd 800 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device. | |||||
| CVE-2011-4889 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. | |||||
| CVE-2011-3145 | 1 Mount.ecrpytfs Private Project | 1 Mount.ecrpytfs Private | 2024-11-21 | 7.5 HIGH | 3.8 LOW |
| When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private. | |||||
| CVE-2009-5144 | 1 Mod Gnutls Project | 1 Mod Gnutls | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate. | |||||