Total: 29109 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-22567 | 1 Dart | 1 Dart Software Development Kit | 2024-09-17 | 4.6 Medium |
Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors, which can be exploited to get nefarious code past a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a program in unexpected ways. | ||||
CVE-2020-29506 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-09-17 | 6.8 Medium |
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | ||||
CVE-2005-0580 | 1 Krzysztof Dabrowski | 1 Cmd5checkpw | 2024-09-17 | N/A |
cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file. | ||||
CVE-2022-38058 | 1 Wpvar | 1 Wp Shamsi | 2024-09-17 | 4.3 Medium |
Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. | ||||
CVE-2020-4173 | 2 Ibm, Linux | 3 Infosphere Guardium Activity Monitor, Security Guardium Insights, Linux Kernel | 2024-09-17 | 4.3 Medium |
IBM Guardium Activity Insights 10.6 and 11.0 do not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682. | ||||
CVE-2014-2868 | 1 Paperthin | 1 Commonspot Content Server | 2024-09-17 | N/A |
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to modify the flow of execution of ColdFusion code by using an HTTP GET request to set a ColdFusion variable. | ||||
CVE-2010-3377 | 1 Salome-platform | 1 Salome | 2024-09-17 | N/A |
The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hxx2salome scripts in SALOME 5.1.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | ||||
CVE-2005-0574 | 1 Cupidsystems | 1 Cis Webserver | 2024-09-17 | N/A |
Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL. | ||||
CVE-2002-1990 | 1 Caucho Technology | 1 Resin | 2024-09-17 | N/A |
Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical path information via a URL request for the example Java class file HelloServlet. | ||||
CVE-2020-7277 | 1 Mcafee | 1 Endpoint Security | 2024-09-17 | 6.8 Medium |
Protection mechanism failure in all processes in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 April 2020 Update allows local users to stop certain McAfee ENS processes, reducing the protection offered. | ||||
CVE-2005-1570 | 1 Battleaxe Software | 1 Bttlxeforum | 2024-09-17 | N/A |
forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability. | ||||
CVE-2022-24409 | 1 Dell | 1 Bsafe Ssl-j | 2024-09-17 | 5.9 Medium |
Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date. | ||||
CVE-2006-6471 | 1 Xerox | 1 Workcentre | 2024-09-17 | N/A |
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access. | ||||
CVE-2002-1821 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2024-09-17 | N/A |
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php. | ||||
CVE-2003-0613 | 1 Zblast | 1 Zblast | 2024-09-17 | N/A |
Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file. | ||||
CVE-2006-6391 | 1 Open Solution | 1 Quick.cart | 2024-09-17 | N/A |
Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. (dot dot) in the config[db_type] parameter to (1) actions_admin/other.php and (2) actions_client/gallery.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2002-1831 | 1 Microsoft | 1 Msn Messenger | 2024-09-17 | N/A |
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field. | ||||
CVE-2007-4501 | 1 Sshkeychain | 1 Sshkeychain | 2024-09-17 | N/A |
Unspecified vulnerability in PassphraseRequester in SSHKeychain before 0.8.2 beta allows attackers to obtain sensitive information (passwords) via unknown vectors, related to "poor protection." | ||||
CVE-2006-4506 | 1 Netiq | 1 Identity Manager | 2024-09-17 | N/A |
idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection. | ||||
CVE-2005-4686 | 1 Punbb | 1 Punbb | 2024-09-17 | N/A |
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information. |