Total
29124 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-3659 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2024-09-17 | N/A |
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access. | ||||
CVE-2010-4601 | 1 Ibm | 1 Rational Clearquest | 2024-09-17 | N/A |
Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, and 7.1.2.x before 7.1.2.1 allow attackers to have an unknown impact via vectors related to third-party .ocx files. | ||||
CVE-2018-15370 | 1 Cisco | 1 Ios Rom Monitor | 2024-09-17 | N/A |
A vulnerability in Cisco IOS ROM Monitor (ROMMON) Software for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, local attacker to bypass Cisco Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to the presence of a hidden command in the affected software. An attacker could exploit this vulnerability by connecting to an affected device via the console, forcing the device into ROMMON mode, and writing a malicious pattern to a specific memory address on the device. A successful exploit could allow the attacker to bypass signature validation checks by Cisco Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. | ||||
CVE-2013-3828 | 1 Oracle | 1 Fusion Middleware | 2024-09-17 | N/A |
Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to Test Page. | ||||
CVE-2020-4889 | 2 Ibm, Linux | 2 Spectrum Scale, Linux Kernel | 2024-09-17 | 3.3 Low |
IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971. | ||||
CVE-2018-17006 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-09-17 | N/A |
An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for firewall lan_manage mac2. | ||||
CVE-2011-0797 | 1 Oracle | 1 E-business Suite | 2024-09-17 | N/A |
Unspecified vulnerability in the Applications Install component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality via unknown vectors. | ||||
CVE-2020-4919 | 1 Ibm | 1 Cloud Pak System | 2024-09-17 | 3.8 Low |
IBM Cloud Pak System 2.3 has insufficient logout controls which could allow an authenticated privileged user to impersonate another user on the system. IBM X-Force ID: 191395. | ||||
CVE-2012-3280 | 1 Hp | 2 Nonstop Server, Nonstop Server Software | 2024-09-17 | N/A |
Multiple unspecified vulnerabilities on HP NonStop Servers H06.x and J06.x allow remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via an OSS Remote Operation over an Expand connection. | ||||
CVE-2021-36012 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-09-17 | 6.5 Medium |
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item. | ||||
CVE-2019-4260 | 1 Ibm | 1 Daeja Viewone | 2024-09-17 | 5.3 Medium |
IBM Daeja ViewONE Professional, Standard & Virtual 5.0 through 5.0.5 could allow an unauthorized user to download server files resulting in sensitive information disclosure. IBM X-Force ID: 160012. | ||||
CVE-2018-17175 | 1 Marshmallow Project | 1 Marshmallow | 2024-09-17 | N/A |
In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema "only" option treats an empty list as implying no "only" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the "only" option, and there is a user role that produces an empty value for "only"). | ||||
CVE-2017-13677 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-09-17 | N/A |
Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes. | ||||
CVE-2021-1394 | 1 Cisco | 1 Ios Xe | 2024-09-17 | 5.3 Medium |
A vulnerability in the ingress traffic manager of Cisco IOS XE Software for Cisco Network Convergence System (NCS) 520 Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the web management interface of an affected device. This vulnerability is due to incorrect processing of certain IPv4 TCP traffic that is destined to an affected device. An attacker could exploit this vulnerability by sending a large number of crafted TCP packets to the affected device. A successful exploit could allow the attacker to cause the web management interface to become unavailable, resulting in a DoS condition. Note: This vulnerability does not impact traffic that is going through the device or going to the Management Ethernet interface of the device. | ||||
CVE-2020-26869 | 1 Pcvuesolutions | 1 Pcvue | 2024-09-17 | 7.5 High |
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit. | ||||
CVE-2018-0764 | 2 Microsoft, Redhat | 11 .net Core, .net Framework, Powershell Core and 8 more | 2024-09-17 | N/A |
Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. | ||||
CVE-2009-3096 | 2 Hp, Microsoft | 2 Performance Insight, Windows | 2024-09-17 | N/A |
Multiple unspecified vulnerabilities in HP Performance Insight 5.3 allow remote attackers to have an unknown impact, related to (1) a "Remote exploit" on Windows platforms, and (2) a "Remote preauthentication exploit" on the Windows Server 2003 SP2 platform, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. | ||||
CVE-2019-20410 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-17 | 6.5 Medium |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2. | ||||
CVE-2018-15397 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Management Center | 2024-09-17 | 6.8 Medium |
A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition. | ||||
CVE-2019-4505 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2024-09-17 | 5.3 Medium |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Network Deployment could allow a remote attacker to obtain sensitive information, caused by sending a specially-crafted URL. This can lead the attacker to view any file in a certain directory. IBM X-Force ID: 164364. |