Total
311 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-21532 | 1 Dell | 1 Wyse Thinos | 2024-09-16 | 5 Medium |
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file. | ||||
CVE-2012-2351 | 2 Debian, Mahara | 2 Debian Linux, Mahara | 2024-09-16 | N/A |
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username. | ||||
CVE-2021-31381 | 1 Juniper | 1 Session And Resource Control | 2024-09-16 | 6.5 Medium |
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system. | ||||
CVE-2010-1381 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-09-16 | N/A |
The default configuration of SMB File Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, enables support for wide links, which allows remote authenticated users to access arbitrary files via vectors involving symbolic links. NOTE: this might overlap CVE-2010-0926. | ||||
CVE-2008-5109 | 1 Adobe | 1 Flash Media Server | 2024-09-16 | N/A |
The default configuration of Adobe Flash Media Server (FMS) 3.0 does not enable SWF Verification for (1) RTMPE and (2) RTMPTE sessions, which makes it easier for remote attackers to make copies of video content via stream-capture software. | ||||
CVE-2019-1829 | 1 Cisco | 14 Aironet 1542d, Aironet 1542i, Aironet 1562d and 11 more | 2024-09-16 | 6.7 Medium |
A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due to improper validation of user-supplied input for certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input for a CLI command. A successful exploit could allow the attacker to obtain access to the underlying Linux OS without proper authentication. | ||||
CVE-2011-4504 | 2 Genmei Mori, Zyxel | 2 Pseudoics, P-330w Router | 2024-09-16 | N/A |
The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. | ||||
CVE-2021-35233 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-09-16 | 5.3 Medium |
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. | ||||
CVE-2024-45448 | 1 Huawei | 2 Emui, Harmonyos | 2024-09-06 | 4.1 Medium |
Page table protection configuration vulnerability in the trusted firmware module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2023-5332 | 2 Gitlab, Hashicorp | 2 Gitlab, Consul | 2024-08-29 | 5.9 Medium |
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE. | ||||
CVE-2023-33105 | 2024-08-26 | 7.5 High | ||
Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number. | ||||
CVE-2024-42031 | 1 Huawei | 2 Emui, Harmonyos | 2024-08-20 | 7.5 High |
Access permission verification vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
CVE-2000-1247 | 1 Apache | 1 Jserv | 2024-08-08 | N/A |
The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI. | ||||
CVE-2002-2285 | 1 Broadcom | 1 Inoculateit | 2024-08-08 | N/A |
eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection. | ||||
CVE-2002-2263 | 1 Hp | 2 Hp-ux, Visualize Conference Ftp | 2024-08-08 | N/A |
The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirecties with insecure permissions, which allows local users to read or write arbitrary files. | ||||
CVE-2002-2247 | 1 Mambo | 1 Mambo Site Server | 2024-08-08 | N/A |
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function. | ||||
CVE-2002-2280 | 1 Openbsd | 1 Openbsd | 2024-08-08 | N/A |
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server. | ||||
CVE-2003-1566 | 1 Microsoft | 1 Internet Information Services | 2024-08-08 | N/A |
Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. | ||||
CVE-2003-1491 | 1 Kerio | 1 Personal Firewall | 2024-08-08 | N/A |
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53. | ||||
CVE-2003-1426 | 1 Cpanel | 1 Cpanel | 2024-08-08 | N/A |
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable. |