Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11818 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-09-17 | N/A |
| The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability". | ||||
| CVE-2015-9243 | 1 Hapijs | 1 Hapi | 2024-09-17 | N/A |
| When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`). | ||||
| CVE-2014-10063 | 1 Qualcomm | 4 Mdm9625, Mdm9625 Firmware, Sd 800 and 1 more | 2024-09-17 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device. | ||||
| CVE-2016-1585 | 1 Canonical | 1 Apparmor | 2024-09-16 | N/A |
| In all versions of AppArmor mount rules are accidentally widened when compiled. | ||||
| CVE-2011-3145 | 2 Mount.ecrpytfs Private Project, Redhat | 2 Mount.ecrpytfs Private, Enterprise Linux | 2024-09-16 | N/A |
| When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private. | ||||
| CVE-2016-10552 | 1 Infragistics | 1 Igniteui | 2024-09-16 | N/A |
| igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. | ||||
| CVE-2015-1142857 | 3 Dpdk, Intel, Linux | 13 Dpdk, 82576, 82576 Firmware and 10 more | 2024-09-16 | N/A |
| On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. | ||||
| CVE-2017-1000406 | 1 Opendaylight | 1 Karaf | 2024-09-16 | N/A |
| OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart). | ||||
| CVE-2014-1428 | 1 Canonical | 1 Metal As A Service | 2024-09-16 | N/A |
| A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. | ||||
| CVE-2016-10443 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2024-09-16 | N/A |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, packet replay may be possible. | ||||
| CVE-2016-2398 | 1 Comcast | 1 Xfinity Home Security System | 2024-09-16 | N/A |
| Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions. | ||||
| CVE-2015-9065 | 1 Google | 1 Android | 2024-09-16 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. | ||||
| CVE-2016-8964 | 1 Ibm | 2 Bigfix Inventory, License Metric Tool | 2024-09-16 | N/A |
| IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. | ||||
| CVE-2000-0277 | 1 Microsoft | 1 Excel | 2024-08-08 | N/A |
| Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. | ||||
| CVE-2002-0493 | 1 Apache | 1 Tomcat | 2024-08-08 | N/A |
| Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions. | ||||
| CVE-2006-6503 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2024-08-07 | N/A |
| Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI. | ||||
| CVE-2006-3678 | 1 3com | 1 Tippingpoint Ips Tos | 2024-08-07 | N/A |
| TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet. | ||||
| CVE-2008-1195 | 3 Canonical, Redhat, Sun | 6 Ubuntu Linux, Network Satellite, Rhel Extras and 3 more | 2024-08-07 | N/A |
| Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. | ||||
| CVE-2008-1192 | 2 Redhat, Sun | 5 Network Satellite, Rhel Extras, Jdk and 2 more | 2024-08-07 | N/A |
| Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier, and 1.3.1_21 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors. | ||||
| CVE-2009-5144 | 1 Mod Gnutls Project | 1 Mod Gnutls | 2024-08-07 | N/A |
| mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate. | ||||