Total
29124 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0057 | 1 Juniper | 1 Junos | 2024-09-17 | N/A |
| On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address binding in the access profile. In the problem scenario, with a hardware-address and IP address configured under address-assignment pool, if a subscriber logging in with DHCP Option 50, the subscriber will not be assigned an available address from the matched pool, but will still get the requested IP address. A malicious DHCP subscriber may be able to utilize this vulnerability to create duplicate IP address assignments, leading to a denial of service for valid subscribers or unauthorized information disclosure via IP address assignment spoofing. Affected releases are Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S2, 15.1R8; 16.1 versions prior to 16.1R4-S12, 16.1R7-S2, 16.1R8; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R2-S3, 18.1R3. | ||||
| CVE-2012-1402 | 2 1kxun, Google | 2 Qianxun Yingshi, Android | 2024-09-17 | N/A |
| Unspecified vulnerability in the QianXun YingShi (com.qianxun.yingshi) application 1.2.3 and 1.3.4 for Android has unknown impact and attack vectors. | ||||
| CVE-2021-29774 | 1 Ibm | 6 Engineering Lifecycle Optimization, Engineering Workflow Management, Rational Collaborative Lifecycle Management and 3 more | 2024-09-17 | 7.5 High |
| IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. | ||||
| CVE-2018-15723 | 1 Logitech | 2 Harmony Hub, Harmony Hub Firmware | 2024-09-17 | N/A |
| The Logitech Harmony Hub before version 4.15.206 is vulnerable to application level command injection via crafted HTTP request. An unauthenticated remote attacker can leverage this vulnerability to execute application defined commands (e.g. harmony.system?systeminfo). | ||||
| CVE-2020-4493 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 9.8 Critical |
| IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command. IBM X-Force ID: 181995. | ||||
| CVE-2012-6065 | 2 Daniel Honrade, Drupal | 2 Om Maximenu, Drupal | 2024-09-17 | N/A |
| The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the "Title has PHP" option is enabled, allows remote authenticated users with the "Administer OM Maximenu" permission to execute arbitrary PHP code via a "Link Title," a different vulnerability than CVE-2012-5553. | ||||
| CVE-2020-7363 | 1 Ucweb | 1 Uc Browser | 2024-09-17 | 4.3 Medium |
| User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions. | ||||
| CVE-2019-6184 | 1 Lenovo | 1 Customer Engagement Service | 2024-09-17 | 7.8 High |
| A potential vulnerability in the discontinued Customer Engagement Service (CCSDK) software version 2.0.21.1 may allow local privilege escalation. | ||||
| CVE-2018-0003 | 1 Juniper | 1 Junos | 2024-09-17 | N/A |
| A specially crafted MPLS packet received or processed by the system, on an interface configured with MPLS, will store information in the system memory. Subsequently, if this stored information is accessed, this may result in a kernel crash leading to a denial of service. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D71; 12.3 versions prior to 12.3R12-S7; 12.3X48 versions prior to 12.3X48-D55; 14.1 versions prior to 14.1R8-S5, 14.1R9; 14.1X53 versions prior to 14.1X53-D45, 14.1X53-D107; 14.2 versions prior to 14.2R7-S7, 14.2R8; 15.1 versions prior to 15.1F5-S8, 15.1F6-S8, 15.1R5-S6, 15.1R6-S3, 15.1R7; 15.1X49 versions prior to 15.1X49-D100; 15.1X53 versions prior to 15.1X53-D65, 15.1X53-D231; 16.1 versions prior to 16.1R3-S6, 16.1R4-S6, 16.1R5; 16.1X65 versions prior to 16.1X65-D45; 16.2 versions prior to 16.2R2-S1, 16.2R3; 17.1 versions prior to 17.1R2-S2, 17.1R3; 17.2 versions prior to 17.2R1-S3, 17.2R2; 17.2X75 versions prior to 17.2X75-D50. No other Juniper Networks products or platforms are affected by this issue. | ||||
| CVE-2018-9067 | 1 Lenovo | 1 Lenovo Help | 2024-09-17 | N/A |
| The Lenovo Help Android app versions earlier than 6.1.2.0327 had insufficient access control for some functions which, if exploited, could have led to exposure of approximately 400 email addresses and 8,500 IMEI. | ||||
| CVE-2019-4246 | 1 Ibm | 1 Daeja Viewone | 2024-09-17 | 5.3 Medium |
| IBM Daeja ViewONE Virtual 5.0 through 5.0.6 could expose internal parameters to ViewONE clients that could be used in further attacks against the system. IBM X-Force ID: 159521. | ||||
| CVE-2018-6558 | 1 Google | 1 Fscrypt | 2024-09-17 | N/A |
| The pam_fscrypt module in fscrypt before 0.2.4 may incorrectly restore primary and supplementary group IDs to the values associated with the root user, which allows attackers to gain privileges via a successful login through certain applications that use Linux-PAM (aka pam). | ||||
| CVE-2018-6503 | 1 Hp | 1 Arcsight Management Center | 2024-09-17 | N/A |
| A potential Access Control vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for vulnerable Access Controls. | ||||
| CVE-2018-10676 | 1 Tbkvision | 4 Tbk-dvr4104, Tbk-dvr4104 Firmware, Tbk-dvr4216 and 1 more | 2024-09-17 | N/A |
| CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI. | ||||
| CVE-2017-13162 | 1 Google | 1 Android | 2024-09-17 | N/A |
| An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036. | ||||
| CVE-2009-3351 | 2 Drupal, Kristy Frey | 2 Drupal, Node Browser Module | 2024-09-17 | N/A |
| Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors. | ||||
| CVE-2019-17336 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-09-17 | 6.5 Medium |
| The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0. | ||||
| CVE-2021-38993 | 1 Ibm | 2 Aix, Vios | 2024-09-17 | 5.5 Medium |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962. | ||||
| CVE-2017-9799 | 1 Apache | 1 Storm | 2024-09-17 | N/A |
| It was found that under some situations and configurations of Apache Storm 1.x before 1.0.4 and 1.1.x before 1.1.1, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised. | ||||
| CVE-2018-1450 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2024-09-17 | N/A |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140045. | ||||