Total
28566 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8715 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-09-17 | N/A |
| The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass". | ||||
| CVE-2019-4088 | 1 Ibm | 1 Spectrum Protect Operations Center | 2024-09-17 | 7.8 High |
| IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allow a local attacker to gain elevated privileges on the system, caused by loading a specially crafted library loaded by the dsmqsan module. By setting up such a library, a local attacker could exploit this vulnerability to gain root privileges on the vulnerable system. IBM X-Force ID: 157511. | ||||
| CVE-2019-1730 | 1 Cisco | 48 Nexus 3000, Nexus 3100, Nexus 3100-z and 45 more | 2024-09-17 | 6.7 Medium |
| A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must authenticate with valid administrator device credentials. The vulnerability is due to the incorrect implementation of a CLI command that allows a Bash command to be incorrectly invoked on the Guest Shell CLI. An attacker could exploit this vulnerability by authenticating to the device and entering a crafted command at the Guest Shell prompt. A successful exploit could allow the attacker to issue commands that should be restricted by a Guest Shell account. | ||||
| CVE-2013-2332 | 1 Hp | 1 Storage Data Protector | 2024-09-17 | N/A |
| Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654. | ||||
| CVE-2017-1508 | 2 Ibm, Linux | 2 Informix Dynamic Server, Linux Kernel | 2024-09-17 | N/A |
| IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620. | ||||
| CVE-2018-17178 | 1 Neatorobotics | 10 Botvac D3 Connected, Botvac D3 Connected Firmware, Botvac D4 Connected and 7 more | 2024-09-17 | 5.3 Medium |
| An issue was discovered on Neato Botvac Connected 2.2.0 devices. They execute unauthenticated manual drive commands (sent to /bin/webserver on port 8081) if they already have an active session. Commands like forward, back, arc-left, arc-right, pivot-left, and pivot-right are executed even though the web socket replies with { "message" : "invalid authorization header" }. Without an active session, commands are still interpreted, but (except for eco-on and eco-off) have no effect, since without active driving, a driving direction does not change anything. | ||||
| CVE-2012-0376 | 1 Cisco | 1 Unified Communications Manager | 2024-09-17 | N/A |
| The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367. | ||||
| CVE-2010-3888 | 1 Microsoft | 1 Windows | 2024-09-17 | N/A |
| Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers. | ||||
| CVE-2018-17015 | 1 Tp-link | 2 Tl-wr886n, Tl-wr886n Firmware | 2024-09-17 | N/A |
| An issue was discovered on TP-Link TL-WR886N 6.0 2.3.4 and TL-WR886N 7.0 1.1.0 devices. Authenticated attackers can crash router services (e.g., inetd, HTTP, DNS, and UPnP) via long JSON data for ddns phddns username. | ||||
| CVE-2017-10606 | 1 Juniper | 5 Srx300, Srx320, Srx340 and 2 more | 2024-09-17 | N/A |
| Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue. | ||||
| CVE-2017-0811 | 1 Google | 1 Android | 2024-09-17 | N/A |
| A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37930177. | ||||
| CVE-2002-2431 | 1 Goahead | 1 Goahead Webserver | 2024-09-17 | N/A |
| Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c. | ||||
| CVE-2011-3462 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-09-17 | N/A |
| Time Machine in Apple Mac OS X before 10.7.3 does not verify the unique identifier of its remote AFP volume or Time Capsule, which allows remote attackers to obtain sensitive information contained in new backups by spoofing this storage object, a different vulnerability than CVE-2010-1803. | ||||
| CVE-2020-4476 | 1 Ibm | 1 Sterling File Gateway | 2024-09-17 | 7.5 High |
| IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. | ||||
| CVE-2021-38989 | 1 Ibm | 2 Aix, Vios | 2024-09-17 | 5.5 Medium |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. | ||||
| CVE-2018-3655 | 1 Intel | 3 Converged Security Management Engine Firmware, Server Platform Services Firmware, Trusted Execution Engine Firmware | 2024-09-17 | N/A |
| A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access. | ||||
| CVE-2017-13265 | 1 Google | 1 Android | 2024-09-17 | N/A |
| A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423. | ||||
| CVE-2018-1782 | 1 Ibm | 1 Spectrum Scale | 2024-09-17 | N/A |
| IBM GPFS (IBM Spectrum Scale 5.0.1.0 and 5.0.1.1) allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805. | ||||
| CVE-2018-0862 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2024-09-17 | N/A |
| Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807. | ||||
| CVE-2013-4804 | 1 Ibm | 1 Business Process Monitor | 2024-09-17 | N/A |
| Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors. | ||||