Total
29166 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-4084 | 1 Ibm | 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more | 2024-09-16 | 4.3 Medium |
IBM Jazz Foundation products (IBM Rational Collaborative Lifecycle Management 6.0 through 6.0.6.1) could allow an authenticated user to obtain sensitive information from CLM Applications that could be used in further attacks against the system. IBM X-Force ID: 157384. | ||||
CVE-2021-39006 | 2 Ibm, Linux | 2 Qradar Wincollect, Linux Kernel | 2024-09-16 | 5.3 Medium |
IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices. IBM X-Force ID: 213549. | ||||
CVE-2017-2710 | 1 Huawei | 4 Beethoven-w09a, Beethoven-w09a Firmware, Crr-l09 and 1 more | 2024-09-16 | N/A |
BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than BTV-W09C100B006CUSTC100D002 versions, earlier than BTV-W09C128B003CUSTC128D002 versions, earlier than BTV-W09C199B002CUSTC199D002 versions, earlier than BTV-W09C209B005CUSTC209D001 versions, earlier than BTV-W09C331B002CUSTC331D001 versions, earlier than CRR-L09C432B390 versions, earlier than CRR-L09C605B355CUSTC605D003 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can perform some operations to update the Google account. As a result, the FRP function is bypassed. | ||||
CVE-2012-1291 | 1 Sap | 1 Netweaver | 2024-09-16 | N/A |
Unspecified vulnerability in the com.sap.aii.mdt.amt.web.AMTPageProcessor servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the Adapter Monitor via unspecified vectors, possibly related to the EnableInvokerServletGlobally property in the servlet_jsp service. | ||||
CVE-2021-23369 | 2 Handlebarsjs, Redhat | 5 Handlebars, Acm, Jboss Enterprise Bpms Platform and 2 more | 2024-09-16 | 5.6 Medium |
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source. | ||||
CVE-2017-1451 | 3 Ibm, Linux, Microsoft | 4 Db2, Db2 Connect, Linux Kernel and 1 more | 2024-09-16 | N/A |
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178. | ||||
CVE-2018-4850 | 1 Siemens | 4 Simatic S7-400, Simatic S7-400 Firmware, Simatic S7-400h and 1 more | 2024-09-16 | N/A |
A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below (All versions). The affected CPUs improperly validate S7 communication packets which could cause a Denial-of-Service condition of the CPU. The CPU will remain in DEFECT mode until manual restart. | ||||
CVE-2017-0853 | 1 Google | 1 Android | 2024-09-16 | N/A |
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644. | ||||
CVE-2021-1377 | 1 Cisco | 2 Ios, Ios Xe | 2024-09-16 | 5.8 Medium |
A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition. | ||||
CVE-2020-14178 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 7.5 High |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. | ||||
CVE-2017-11229 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2024-09-16 | N/A |
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF). | ||||
CVE-2018-18202 | 1 Ibm | 4 Qlogic 20-port 4\/8 Gb San Switch Module, Qlogic 20-port 4\/8 Gb San Switch Module Firmware, Qlogic 4 Gb Fibre Channel Expansion Card and 1 more | 2024-09-16 | N/A |
The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password. | ||||
CVE-2017-3758 | 1 Lenovo | 1 Service Framework | 2024-09-16 | N/A |
Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. | ||||
CVE-2017-8724 | 1 Microsoft | 2 Edge, Windows 10 | 2024-09-16 | N/A |
Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8735. | ||||
CVE-2010-4104 | 1 Hp | 1 Insight Orchestration | 2024-09-16 | N/A |
Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | ||||
CVE-2018-18320 | 1 Asuswrt-merlin Project | 28 Rt-ac1900, Rt-ac1900 Firmware, Rt-ac2900 and 25 more | 2024-09-16 | N/A |
An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution | ||||
CVE-2012-1391 | 2 Google, Mobisynapse | 2 Android, Moffice-outlook Sync | 2024-09-16 | N/A |
Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact and attack vectors. | ||||
CVE-2011-0795 | 1 Oracle | 1 Fusion Middleware | 2024-09-16 | N/A |
Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and Monitoring. | ||||
CVE-2012-1292 | 1 Sap | 1 Netweaver | 2024-09-16 | N/A |
Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. | ||||
CVE-2014-10002 | 1 Jetbrains | 1 Teamcity | 2024-09-16 | N/A |
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. |