Total
29171 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1377 | 1 Cisco | 2 Ios, Ios Xe | 2024-09-16 | 5.8 Medium |
| A vulnerability in Address Resolution Protocol (ARP) management of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to prevent an affected device from resolving ARP entries for legitimate hosts on the connected subnets. This vulnerability exists because ARP entries are mismanaged. An attacker could exploit this vulnerability by continuously sending traffic that results in incomplete ARP entries. A successful exploit could allow the attacker to cause ARP requests on the device to be unsuccessful for legitimate hosts, resulting in a denial of service (DoS) condition. | ||||
| CVE-2020-14178 | 1 Atlassian | 4 Jira, Jira Data Center, Jira Server and 1 more | 2024-09-16 | 7.5 High |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate project keys via an Information Disclosure vulnerability in the /browse.PROJECTKEY endpoint. The affected versions are before version 7.13.7, from version 8.0.0 before 8.5.8, and from version 8.6.0 before 8.12.0. | ||||
| CVE-2017-11229 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2024-09-16 | N/A |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability when manipulating Forms Data Format (FDF). | ||||
| CVE-2018-18202 | 1 Ibm | 4 Qlogic 20-port 4\/8 Gb San Switch Module, Qlogic 20-port 4\/8 Gb San Switch Module Firmware, Qlogic 4 Gb Fibre Channel Expansion Card and 1 more | 2024-09-16 | N/A |
| The QLogic 4Gb Fibre Channel 5.5.2.6.0 and 4/8Gb SAN 7.10.1.20.0 modules for IBM BladeCenter have an undocumented support account with a support password, an undocumented diags account with a diags password, and an undocumented prom account with a prom password. | ||||
| CVE-2017-3758 | 1 Lenovo | 1 Service Framework | 2024-09-16 | N/A |
| Improper access controls on several Android components in the Lenovo Service Framework application can be exploited to enable remote code execution. | ||||
| CVE-2017-8724 | 1 Microsoft | 2 Edge, Windows 10 | 2024-09-16 | N/A |
| Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8735. | ||||
| CVE-2010-4104 | 1 Hp | 1 Insight Orchestration | 2024-09-16 | N/A |
| Unspecified vulnerability in HP Insight Orchestration before 6.2 allows remote attackers to read arbitrary files via unknown vectors. | ||||
| CVE-2018-18320 | 1 Asuswrt-merlin Project | 28 Rt-ac1900, Rt-ac1900 Firmware, Rt-ac2900 and 25 more | 2024-09-16 | N/A |
| An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because exec.php has a popen call. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution | ||||
| CVE-2012-1391 | 2 Google, Mobisynapse | 2 Android, Moffice-outlook Sync | 2024-09-16 | N/A |
| Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact and attack vectors. | ||||
| CVE-2011-0795 | 1 Oracle | 1 Fusion Middleware | 2024-09-16 | N/A |
| Unspecified vulnerability in the Single Sign On component in Oracle Fusion Middleware 10.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Administration and Monitoring. | ||||
| CVE-2012-1292 | 1 Sap | 1 Netweaver | 2024-09-16 | N/A |
| Unspecified vulnerability in the MessagingSystem servlet in SAP NetWeaver 7.0 allows remote attackers to obtain sensitive information about the MessagingSystem Performance Data via unspecified vectors. | ||||
| CVE-2014-10002 | 1 Jetbrains | 1 Teamcity | 2024-09-16 | N/A |
| Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors. | ||||
| CVE-2018-15660 | 1 Olacabs | 1 Olamoney | 2024-09-16 | N/A |
| An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and transaction history. NOTE: the vendor does not agree that this is a security issue requiring a fix | ||||
| CVE-2022-20754 | 1 Cisco | 1 Telepresence Video Communication Server | 2024-09-16 | 9 Critical |
| Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2017-17536 | 1 Phacility | 1 Phabricator | 2024-09-16 | N/A |
| Phabricator before 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring. | ||||
| CVE-2018-1928 | 1 Ibm | 1 Storediq | 2024-09-16 | N/A |
| IBM StoredIQ 7.6.0 does not implement proper authorization of user roles due to which it was possible for a low privileged user to access the application endpoints of high privileged users and also perform some state changing actions restricted to a high privileged user. IBM X-Force ID: 153119. | ||||
| CVE-2018-5234 | 1 Symantec | 2 Norton Core, Norton Core Firmware | 2024-09-16 | N/A |
| The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software. | ||||
| CVE-2020-4592 | 1 Ibm | 1 Mq Appliance | 2024-09-16 | 6.5 Medium |
| IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. | ||||
| CVE-2017-3750 | 2 Google, Lenovo | 21 Android, Vibe A1600, Vibe A2560 and 18 more | 2024-09-16 | N/A |
| On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749. | ||||
| CVE-2020-5024 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2024-09-16 | 7.5 High |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660. | ||||