Total
410 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6498 | 1 Alcatel-lucent | 1 Home Device Manager | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices. | |||||
CVE-2016-0332 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695. | |||||
CVE-2015-5246 | 1 Theforeman | 1 Foreman | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory. | |||||
CVE-2014-3150 | 1 Orange | 2 Livebox 1.1, Livebox 1.1 Firmware | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. | |||||
CVE-2015-7267 | 2 Samsung, Seagate | 8 850 Pro, 850 Pro Firmware, Pm851 and 5 more | 2023-12-10 | 1.9 LOW | 4.2 MEDIUM |
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack." | |||||
CVE-2016-8964 | 1 Ibm | 2 Bigfix Inventory, License Metric Tool | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 118853. | |||||
CVE-2015-0233 | 1 Fedoraproject | 1 389 Administration Server | 2023-12-10 | 4.6 MEDIUM | 4.2 MEDIUM |
Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. | |||||
CVE-2015-9065 | 1 Google | 1 Android | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. | |||||
CVE-2014-5334 | 1 Freenas | 1 Freenas | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login. | |||||
CVE-2015-7843 | 1 Huawei | 10 Fusionserver Ch121 V3, Fusionserver Ch220 V3, Fusionserver Ch222 V3 and 7 more | 2023-12-10 | 4.0 MEDIUM | 8.8 HIGH |
The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack. | |||||
CVE-2017-11818 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2023-12-10 | 4.4 MEDIUM | 4.5 MEDIUM |
The Microsoft Windows Storage component on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass vulnerability when it fails to validate an integrity-level check, aka "Windows Storage Security Feature Bypass Vulnerability". | |||||
CVE-2012-5010 | 1 Cisco | 1 Adaptive Security Appliance Software | 2023-12-10 | 4.8 MEDIUM | 8.1 HIGH |
ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x before 8.2.5 Interim, 9.1.x before 9.1.6 Interim, ASA 5555-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5520 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5505 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5525-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5512-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5585-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5540 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.2.x before 8.2.5 Interim, 8.4.x before 8.4.7 Interim, 9.1.x before 9.1.6 Interim, ASA 5515-X Adaptive Security Appliance ASA for Application Centric Infrastructure (ACI) Device Package 1.2.4.x before 1.2.4.8, ASA 5555-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.4.x before 9.4.1 Interim, 9.1.x before 9.1.6 Interim, ASA 5580 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.1.x before 9.1.6 Interim, ASA 5585-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.2.x before 9.2.4 Interim, 9.4.x before 9.4.1 Interim, ASA 5525-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP, 9.1.x before 9.1.6 Interim, ASA 5545-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim or 9.2.4.SMP. 9.1.x before 9.1.6 ASA does not check the source of the ARP request or GARP packets for addresses it performs NAT translation for under unspecified conditions. | |||||
CVE-2016-10517 | 1 Redislabs | 1 Redis | 2023-12-10 | 4.3 MEDIUM | 7.4 HIGH |
networking.c in Redis before 3.2.7 allows "Cross Protocol Scripting" because it lacks a check for POST and Host: strings, which are not valid in the Redis protocol (but commonly occur when an attack triggers an HTTP request to the Redis TCP port). | |||||
CVE-2015-6473 | 1 Wago | 4 Wago I\/o Plc 750-849, Wago I\/o Plc 750-849 Firmware, Wago I\/o Plc 758-870 and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. | |||||
CVE-2014-9634 | 2 Apache, Jenkins | 2 Tomcat, Jenkins | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session. | |||||
CVE-2016-4890 | 1 Zohocorp | 1 Servicedesk Plus | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method for generating cookies, which makes it easier for attackers to obtain sensitive password information by leveraging access to a cookie. | |||||
CVE-2016-3180 | 1 Tor Browser Launcher Project | 1 Tor Browser Launcher | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature. | |||||
CVE-2016-10178 | 1 Dlink | 2 Dwr-932b, Dwr-932b Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command. | |||||
CVE-2016-10148 | 1 Wordpress | 1 Wordpress | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
The wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 makes a get_plugin_data call before checking the update_plugins capability, which allows remote authenticated users to bypass intended read-access restrictions via the plugin parameter to wp-admin/admin-ajax.php, a related issue to CVE-2016-6896. | |||||
CVE-2016-3102 | 1 Jenkins | 1 Script Security | 2023-12-10 | 7.5 HIGH | 7.3 HIGH |
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations. |