Total
410 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-9071 | 1 Mozilla | 1 Firefox | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50. | |||||
CVE-2014-10063 | 1 Qualcomm | 4 Mdm9625, Mdm9625 Firmware, Sd 800 and 1 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device. | |||||
CVE-2016-0274 | 1 Ibm | 1 Financial Transaction Manager | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to conduct clickjacking attacks via a crafted web site. IBM X-Force ID: 111076. | |||||
CVE-2018-4863 | 1 Sophos | 1 Endpoint Protection | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key. | |||||
CVE-2015-1142857 | 3 Dpdk, Intel, Linux | 13 Dpdk, 82576, 82576 Firmware and 10 more | 2023-12-10 | 5.0 MEDIUM | 8.6 HIGH |
On multiple SR-IOV cards it is possible for VFs assigned to guests to send Ethernet flow control pause frames via the PF. This includes the Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0; additionally, multiple vendor NIC firmware is affected. | |||||
CVE-2017-1000406 | 1 Opendaylight | 1 Karaf | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart). | |||||
CVE-2016-3997 | 1 Netapp | 1 Clustered Data Ontap | 2023-12-10 | 6.8 MEDIUM | 7.5 HIGH |
NetApp Clustered Data ONTAP allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service by leveraging failure to enable SMB signing enforcement in its default state. | |||||
CVE-2015-6592 | 1 Huawei | 2 Uap2105, Uap2105 Firmware | 2023-12-10 | 7.2 HIGH | 6.8 MEDIUM |
Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. | |||||
CVE-2016-10332 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications. | |||||
CVE-2011-2683 | 1 Reseed Project | 1 Reseed | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack. | |||||
CVE-2015-3170 | 1 Selinux Project | 1 Selinux | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
selinux-policy, when sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy. | |||||
CVE-2015-7269 | 1 Seagate | 2 St500lt015, St500lt015 Firmware | 2023-12-10 | 1.9 LOW | 4.2 MEDIUM |
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack." | |||||
CVE-2014-9635 | 2 Apache, Jenkins | 2 Tomcat, Jenkins | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. | |||||
CVE-2016-3400 | 1 Netapp | 1 Data Ontap | 2023-12-10 | 6.8 MEDIUM | 7.5 HIGH |
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | |||||
CVE-2015-7225 | 1 Tinfoilsecurity | 1 Devise-two-factor | 2023-12-10 | 3.5 LOW | 5.3 MEDIUM |
Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step. | |||||
CVE-2015-7268 | 2 Samsung, Seagate | 8 850 Pro, 850 Pro Firmware, Pm851 and 5 more | 2023-12-10 | 1.9 LOW | 4.2 MEDIUM |
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack." | |||||
CVE-2016-10336 | 1 Google | 1 Android | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot. | |||||
CVE-2016-9738 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
IBM QRadar 7.2 and 7.3 do not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. | |||||
CVE-2016-6594 | 1 Bluecoat | 3 Advanced Secure Gateway, Cacheflow, Proxysg | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and 6.6 allows remote attackers to bypass blocked requests, user authentication, and payload scanning. | |||||
CVE-2015-7837 | 1 Redhat | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server Aus and 3 more | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. |