Total
28605 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28507 | 1 Arista | 1 Eos | 2024-09-17 | 5.5 Medium |
| An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent. | ||||
| CVE-2017-9709 | 1 Google | 1 Android | 2024-09-17 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony. | ||||
| CVE-2017-2915 | 1 Meetcircle | 2 Circle With Disney, Circle With Disney Firmware | 2024-09-17 | 8.0 High |
| An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and setup an access point reachable by the device to trigger this vulnerability. | ||||
| CVE-2010-0612 | 1 Dmanager | 1 Documentmanager | 2024-09-17 | N/A |
| Unspecified vulnerability in DocumentManager before 4.0 has unknown impact and attack vectors, related to file rights. | ||||
| CVE-2018-0284 | 1 Cisco | 12 Meraki Mr, Meraki Mr 24 Firmware, Meraki Mr 25 Firmware and 9 more | 2024-09-17 | N/A |
| A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited. | ||||
| CVE-2020-4329 | 1 Ibm | 1 Websphere Application Server | 2024-09-17 | 4.3 Medium |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking. This could be exploited to conduct spoofing attacks. IBM X-Force ID: 177841. | ||||
| CVE-2018-0822 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-09-17 | N/A |
| NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability". | ||||
| CVE-2019-4614 | 4 Ibm, Linux, Microsoft and 1 more | 5 Mq, Mq Appliance, Linux Kernel and 2 more | 2024-09-17 | 6.5 Medium |
| IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. | ||||
| CVE-2018-15395 | 1 Cisco | 1 Wireless Lan Controller Software | 2024-09-17 | N/A |
| A vulnerability in the authentication and authorization checking mechanisms of Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, adjacent attacker to gain network access to a Cisco TrustSec domain. Under normal circumstances, this access should be prohibited. The vulnerability is due to the dynamic assignment of Security Group Tags (SGTs) during a wireless roam from one Service Set Identifier (SSID) to another within the Cisco TrustSec domain. An attacker could exploit this vulnerability by attempting to acquire an SGT from other SSIDs within the domain. Successful exploitation could allow the attacker to gain privileged network access that should be prohibited under normal circumstances. | ||||
| CVE-2020-4353 | 1 Ibm | 1 Maas360 | 2024-09-17 | 4.6 Medium |
| IBM MaaS360 6.82 could allow a user with pysical access to the device to crash the application which may enable the user to access restricted applications and device settings. IBM X-Force ID: 178505. | ||||
| CVE-2013-4611 | 2 Project-redcap, Vanderbilt | 2 Redcap, Redcap | 2024-09-17 | N/A |
| Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow remote attackers to have an unknown impact via vectors involving (1) the Online Designer page or (2) the Manage Survey Participants page. | ||||
| CVE-2022-31770 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2024-09-17 | 4.9 Medium |
| IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. | ||||
| CVE-2021-35235 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-09-17 | 5.3 Medium |
| The ASP.NET debug feature is enabled by default in Kiwi Syslog Server 9.7.2 and previous versions. ASP.NET allows remote debugging of web applications, if configured to do so. Debug mode causes ASP.NET to compile applications with extra information. The information enables a debugger to closely monitor and control the execution of an application. If an attacker could successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure that may be valuable in targeting SWI with malicious intent. | ||||
| CVE-2021-27760 | 1 Hcltech | 1 Hcl Inotes | 2024-09-17 | 4.6 Medium |
| An issue was discovered in the Sametime chat feature in the Notes 11.0 - 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code. | ||||
| CVE-2019-4656 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Mq and 5 more | 2024-09-17 | 6.5 Medium |
| IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. | ||||
| CVE-2017-1000483 | 1 Plone | 1 Plone | 2024-09-17 | N/A |
| Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5. | ||||
| CVE-2021-29701 | 3 Ibm, Linux, Microsoft | 4 Engineering Workflow Management, Rational Team Concert, Linux Kernel and 1 more | 2024-09-17 | 4.3 Medium |
| IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system. IBM X-Force ID: 200657. | ||||
| CVE-2013-2366 | 1 Ibm | 1 Business Process Monitor | 2024-09-17 | N/A |
| Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka ZDI-CAN-1802. | ||||
| CVE-2018-0389 | 1 Cisco | 2 Spa514g, Spa514g Firmware | 2024-09-17 | N/A |
| A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier. | ||||
| CVE-2021-29785 | 2 Ibm, Linux | 2 Soar, Linux Kernel | 2024-09-17 | 5.9 Medium |
| IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169. | ||||