Total
4017 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2267 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A |
| mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value. | |||||
| CVE-2016-5560 | 1 Oracle | 1 Siebel Customer Order Management | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to OpenUI. | |||||
| CVE-2022-45431 | 2 Dahuasecurity, Linux | 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more | 2025-04-11 | N/A | 7.5 HIGH |
| Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server. | |||||
| CVE-2022-45430 | 2 Dahuasecurity, Linux | 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more | 2025-04-11 | N/A | 3.7 LOW |
| Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service. | |||||
| CVE-2025-23389 | 2025-04-11 | N/A | 8.4 HIGH | ||
| A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login. This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. | |||||
| CVE-2024-20302 | 1 Cisco | 1 Nexus Dashboard Orchestrator | 2025-04-11 | N/A | 5.4 MEDIUM |
| A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator (NDO) could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant security. An attacker who is using a valid user account with write privileges and either a Site Manager or Tenant Manager role could exploit this vulnerability. A successful exploit could allow the attacker to modify or delete tenant templates under non-associated tenants, which could disrupt network traffic. | |||||
| CVE-2022-23513 | 1 Pi-hole | 1 Adminlte | 2025-04-11 | N/A | 5.3 MEDIUM |
| Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists. | |||||
| CVE-2013-2175 | 4 Canonical, Debian, Haproxy and 1 more | 4 Ubuntu Linux, Debian Linux, Haproxy and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable. | |||||
| CVE-2012-2947 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2025-04-11 | 2.6 LOW | N/A |
| chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. | |||||
| CVE-2011-4016 | 1 Cisco | 1 Ios | 2025-04-11 | 5.4 MEDIUM | N/A |
| The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673. | |||||
| CVE-2012-1327 | 1 Cisco | 1 Ios | 2025-04-11 | 6.1 MEDIUM | N/A |
| dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391. | |||||
| CVE-2013-4316 | 2 Apache, Oracle | 4 Struts, Flexcube Private Banking, Mysql Enterprise Monitor and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors. | |||||
| CVE-2013-4213 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | 6.4 MEDIUM | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. | |||||
| CVE-2013-7293 | 1 Asus | 1 Wl-330nul | 2025-04-11 | 5.0 MEDIUM | N/A |
| The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. | |||||
| CVE-2012-2351 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2025-04-11 | 5.0 MEDIUM | N/A |
| The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. | |||||
| CVE-2024-51954 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2025-04-10 | N/A | 8.5 HIGH |
| There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance. If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software. | |||||
| CVE-2022-47634 | 1 Isode | 1 M-link | 2025-04-10 | N/A | 8.1 HIGH |
| M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867. | |||||
| CVE-2024-37567 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.1 CRITICAL |
| Infoblox NIOS through 8.6.4 has Improper Access Control for Grids. | |||||
| CVE-2024-37566 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.8 CRITICAL |
| Infoblox NIOS through 8.6.4 has Improper Authentication for Grids. | |||||
| CVE-2022-47543 | 1 Siren | 1 Investigate | 2025-04-10 | N/A | 5.3 MEDIUM |
| An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects. | |||||