Total
29124 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-0801 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2024-09-17 | N/A |
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Remote Code Execution Vulnerability". | ||||
CVE-2022-41561 | 1 Tibco | 1 Jasperreports Server | 2024-09-17 | 9.1 Critical |
The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0. | ||||
CVE-2013-2369 | 1 Hp | 1 Loadrunner | 2024-09-17 | N/A |
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670. | ||||
CVE-2009-0066 | 1 Intel | 1 Trusted Execution Technology | 2024-09-17 | N/A |
Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | ||||
CVE-2018-5242 | 1 Symantec | 1 Norton App Lock | 2024-09-17 | N/A |
Norton App Lock prior to version 1.3.0.329 can be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking the device, thereby allowing the individual to gain device access. | ||||
CVE-2021-38988 | 1 Ibm | 2 Aix, Vios | 2024-09-17 | 5.5 Medium |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. | ||||
CVE-2009-3353 | 2 Drupal, Steve Lockwood | 2 Drupal, Node2node | 2024-09-17 | N/A |
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors. | ||||
CVE-2021-29760 | 1 Ibm | 1 Sterling B2b Integrator | 2024-09-17 | 4.3 Medium |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213. | ||||
CVE-2017-13219 | 1 Google | 1 Android | 2024-09-17 | N/A |
A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865. | ||||
CVE-2011-2627 | 1 Opera | 1 Opera Browser | 2024-09-17 | N/A |
Unspecified vulnerability in the DOM implementation in Opera before 11.50 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by live.com. | ||||
CVE-2019-4241 | 1 Ibm | 1 Pureapplication System | 2024-09-17 | 7.8 High |
IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467. | ||||
CVE-2021-29824 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-09-17 | 4.3 Medium |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468. | ||||
CVE-2013-7358 | 1 Sap | 1 Guided Procedures Archive Monitor | 2024-09-17 | N/A |
Unspecified vulnerability in SAP Guided Procedures Archive Monitor allows remote attackers to obtain usernames, roles, profiles, and possibly other identity information via unknown vectors. | ||||
CVE-2022-28762 | 1 Zoom | 1 Meetings | 2024-09-17 | 7.3 High |
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. | ||||
CVE-2020-4376 | 1 Ibm | 1 Mq For Hpe Nonstop | 2024-09-17 | 6.5 Medium |
IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081. | ||||
CVE-2013-2333 | 1 Hp | 1 Storage Data Protector | 2024-09-17 | N/A |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680. | ||||
CVE-2018-6303 | 1 Hanwha-security | 4 Snh-v6410pn, Snh-v6410pn Firmware, Snh-v6410pnw and 1 more | 2024-09-17 | N/A |
Denial of service by uploading malformed firmware in Hanwha Techwin Smartcams | ||||
CVE-2018-6263 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-09-17 | N/A |
NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges. | ||||
CVE-2017-0826 | 1 Google | 1 Android | 2024-09-17 | N/A |
An elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-34949781. | ||||
CVE-2018-0816 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-09-17 | N/A |
The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0817. |