Total
29206 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2017-6160 | 1 F5 | 2 Big-ip Application Acceleration Manager, Big-ip Policy Enforcement Manager | 2024-09-16 | N/A |
In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to 11.6.1, 11.4.1 to 11.5.4, a remote attacker may create maliciously crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic. This issue is exposed on virtual servers using a Policy Enforcement profile or a Web Acceleration profile. Systems that do not have BIG-IP AAM module provisioned are not vulnerable. The Traffic Management Microkernel (TMM) may restart and temporarily fail to process traffic. Systems that do not have BIG-IP AAM or PEM module provisioned are not vulnerable. | ||||
CVE-2018-9438 | 1 Google | 1 Android | 2024-09-16 | N/A |
When a device connects only over WiFi VPN, the device may not receive security updates due to some incorrect checks. This could lead to a local denial of service of security updates with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android ID: A-78644887. | ||||
CVE-2013-2365 | 1 Hp | 1 Database And Middleware Automation | 2024-09-16 | N/A |
HP Database and Middleware Automation (DMA) 10.x before 10.10, when SSL is used, allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
CVE-2017-13263 | 1 Google | 1 Android | 2024-09-16 | N/A |
A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160. | ||||
CVE-2010-4722 | 1 Smarty | 1 Smarty | 2024-09-16 | N/A |
Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 has unknown impact and remote attack vectors. | ||||
CVE-2020-8322 | 1 Lenovo | 102 14iwl, 14iwl Firmware, 330-14ast and 99 more | 2024-09-16 | 6.4 Medium |
A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. | ||||
CVE-2011-4451 | 1 Wikkawiki | 1 Wikkawiki | 2024-09-16 | N/A |
libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when the spam_logging option is enabled, allows remote attackers to write arbitrary PHP code to the spamlog_path file via the User-Agent HTTP header in an addcomment request. NOTE: the vendor disputes this issue because the rendering of the spamlog_path file never uses the PHP interpreter | ||||
CVE-2018-0417 | 1 Cisco | 2 Wireless Lan Controller, Wireless Lan Controller Software | 2024-09-16 | 7.8 High |
A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited. | ||||
CVE-2021-1610 | 1 Cisco | 5 Small Business Rv340, Small Business Rv340w, Small Business Rv345 and 2 more | 2024-09-16 | 9.8 Critical |
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) condition Execute arbitrary commands For more information about these vulnerabilities, see the Details section of this advisory. | ||||
CVE-2011-0859 | 1 Oracle | 1 Peoplesoft Enterprise Hrms | 2024-09-16 | N/A |
Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax Update 11-B and 9.1 Tax Update 11-B allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll - North America. | ||||
CVE-2017-2346 | 1 Juniper | 2 Junos, Mx | 2024-09-16 | N/A |
An MS-MPC or MS-MIC Service PIC may crash when large fragmented packets are passed through an Application Layer Gateway (ALG). Repeated crashes of the Service PC can result in an extended denial of service condition. The issue can be seen only if NAT or stateful-firewall rules are configured with ALGs enabled. This issue was caused by the code change for PR 1182910 in Junos OS 14.1X55-D30, 14.1X55-D35, 14.2R7, 15.1R5, and 16.1R2. No other versions of Junos OS and no other Juniper Networks products or platforms are affected by this issue. Affected releases are Juniper Networks Junos OS on MX platforms running: 14.1X55 from 14.1X55-D30 to releases prior to 14.1X55-D35; 14.2R from 14.2R7 to releases prior to 14.2R7-S4, 14.2R8; 15.1R from 15.1R5 to releases prior to 15.1R5-S2, 15.1R6; 16.1R from 16.1R2 to releases prior to 16.1R3-S2, 16.1R4. | ||||
CVE-2017-2742 | 1 Hp | 1 Web Jetadmin | 2024-09-16 | N/A |
A potential security vulnerability has been identified with HP Web Jetadmin before 10.4 SR2. This vulnerability could potentially be exploited to create a denial of service. | ||||
CVE-2022-25932 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2024-09-16 | 9.8 Critical |
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability. | ||||
CVE-2021-20579 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-09-16 | 6.5 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283. | ||||
CVE-2021-38941 | 2 Ibm, Linux | 2 Cloud Pak For Multicloud Management Monitoring, Linux Kernel | 2024-09-16 | 8.1 High |
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048. | ||||
CVE-2022-22328 | 1 Ibm | 1 Partner Engagement Manager | 2024-09-16 | 6.2 Medium |
IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. IBM X-Force ID: 218871. | ||||
CVE-2022-34771 | 1 Tabit | 1 Tabit | 2024-09-16 | 5.5 Medium |
Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP. | ||||
CVE-2018-1899 | 1 Ibm | 2 Infosphere Information Governance Catalog, Infosphere Information Server On Cloud | 2024-09-16 | N/A |
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an attacker to change one of the settings related to InfoSphere Business Glossary Anywhere due to improper access control. IBM X-Force ID: 152528. | ||||
CVE-2018-12193 | 1 Intel | 1 Quickassist Technology | 2024-09-16 | 5.5 Medium |
Insufficient access control in driver stack for Intel QuickAssist Technology for Linux before version 4.2 may allow an unprivileged user to potentially disclose information via local access. | ||||
CVE-2017-4932 | 2 Google, Vmware | 2 Android, Airwatch Launcher | 2024-09-16 | N/A |
VMware AirWatch Launcher for Android prior to 3.2.2 contains a vulnerability that could allow an escalation of privilege from the launcher UI context menu to native UI functionality and privilege. Successful exploitation of this issue could result in an escalation of privilege. |