Total
646 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-1846 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." | ||||
CVE-2013-4561 | 1 Redhat | 1 Openshift | 2024-08-06 | 9.1 Critical |
In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. | ||||
CVE-2013-4480 | 2 Redhat, Suse | 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more | 2024-08-06 | N/A |
Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | ||||
CVE-2013-4374 | 1 Redhat | 2 Jboss Operations Network, Rhq Mongo Db Drift Server | 2024-08-06 | 7.1 High |
An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. | ||||
CVE-2013-4280 | 1 Redhat | 3 Enterprise Virtualization, Storage, Virtual Desktop Server Manager | 2024-08-06 | 5.5 Medium |
Insecure temporary file vulnerability in RedHat vsdm 4.9.6. | ||||
CVE-2013-4253 | 1 Redhat | 1 Openshift | 2024-08-06 | 7.5 High |
The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file. | ||||
CVE-2024-42350 | 2024-08-06 | 3 Low | ||
Biscuit is an authorization token with decentralized verification, offline attenuation and strong security policy enforcement based on a logic language. Third-party blocks can be generated without transferring the whole token to the third-party authority. Instead, a `ThirdPartyBlock` request can be sent, providing only the necessary info to generate a third-party block and to sign it: 1. the public key of the previous block (used in the signature), 2. the public keys part of the token symbol table (for public key interning in datalog expressions). A third-part block request forged by a malicious user can trick the third-party authority into generating datalog trusting the wrong keypair. Tokens with third-party blocks containing `trusted` annotations generated through a third party block request. This has been addressed in version 4 of the specification. Users are advised to update their implementations to conform. There are no known workarounds for this vulnerability. | ||||
CVE-2013-2183 | 1 Monkey-project | 1 Monkey | 2024-08-06 | 7.1 High |
Monkey HTTP Daemon has local security bypass | ||||
CVE-2013-0163 | 1 Redhat | 1 Openshift | 2024-08-06 | 5.5 Medium |
OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | ||||
CVE-2014-2387 | 3 Debian, Opensuse, Pen Project | 3 Debian Linux, Opensuse, Pen | 2024-08-06 | 4.4 Medium |
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities | ||||
CVE-2014-0023 | 1 Redhat | 1 Openshift | 2024-08-06 | 7.8 High |
OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | ||||
CVE-2015-10004 | 1 Json Web Token Project | 1 Json Web Token | 2024-08-06 | 7.5 High |
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC. | ||||
CVE-2015-9550 | 1 Totolink | 16 A850r-v1, A850r-v1 Firmware, F1-v2 and 13 more | 2024-08-06 | 7.5 High |
An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface. | ||||
CVE-2016-11010 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-08-06 | 5.3 Medium |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | ||||
CVE-2016-11007 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-08-06 | 5.3 Medium |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | ||||
CVE-2016-11008 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-08-06 | 5.3 Medium |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | ||||
CVE-2016-11009 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-08-06 | 5.3 Medium |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | ||||
CVE-2016-11006 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-08-06 | 5.3 Medium |
The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | ||||
CVE-2016-10840 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | ||||
CVE-2016-5787 | 1 Ge | 1 Cimplicity | 2024-08-06 | 6.3 Medium |
General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. |