Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20082 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-18920 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. | |||||
| CVE-2017-12308 | 1 Cisco | 170 Esw2-350g-52, Esw2-350g-52 Firmware, Esw2-350g-52dc and 167 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches, Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches. Cisco Bug IDs: CSCvg29980. | |||||
| CVE-2016-20014 | 1 Pam Tacplus Project | 1 Pam Tacplus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure. | |||||
| CVE-2016-20012 | 2 Netapp, Openbsd | 5 Clustered Data Ontap, Hci Management Node, Ontap Select Deploy Administration Utility and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product | |||||
| CVE-2016-20008 | 1 Rest\/json Project | 1 Rest\/json | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
| CVE-2016-20003 | 1 Rest\/json Project | 1 Rest\/json | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
| CVE-2015-1853 | 1 Tuxfamily | 1 Chrony | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. | |||||
| CVE-2014-8183 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2024-11-21 | 6.5 MEDIUM | 7.4 HIGH |
| It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. | |||||
| CVE-2014-5138 | 1 Iii | 1 Sierra | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule. | |||||
| CVE-2014-2680 | 1 Xmind | 1 Xmind | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack. | |||||
| CVE-2014-125036 | 1 Ansible-ntp Project | 1 Ansible-ntp | 2024-11-21 | 1.4 LOW | 2.6 LOW |
| A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as ed4ca2cf012677973c220cdba36b5c60bfa0260b. It is recommended to apply a patch to fix this issue. VDB-217190 is the identifier assigned to this vulnerability. | |||||
| CVE-2014-0021 | 3 Chrony Project, Debian, Fedoraproject | 3 Chrony, Debian Linux, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Chrony before 1.29.1 has traffic amplification in cmdmon protocol | |||||
| CVE-2013-6927 | 1 Triplc | 1 Trilogi Server | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account. | |||||
| CVE-2013-6792 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability | |||||
| CVE-2013-5657 | 1 Aultware | 1 Pwstore | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request | |||||
| CVE-2013-4090 | 1 Varnish Cache Project | 1 Varnish Cache | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Varnish HTTP cache before 3.0.4: ACL bug | |||||
| CVE-2013-3629 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution | |||||
| CVE-2013-2009 | 1 Automattic | 1 Wp Super Cache | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution | |||||
| CVE-2013-1924 | 1 Skill | 1 Commerce Skrill | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2 | |||||