Total
29517 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-18920 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy. | ||||
| CVE-2016-20014 | 1 Pam Tacplus Project | 1 Pam Tacplus | 2024-11-21 | 9.8 Critical |
| In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure. | ||||
| CVE-2016-20012 | 2 Netapp, Openbsd | 5 Clustered Data Ontap, Hci Management Node, Ontap Select Deploy Administration Utility and 2 more | 2024-11-21 | 5.3 Medium |
| OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. NOTE: the vendor does not recognize user enumeration as a vulnerability for this product | ||||
| CVE-2016-20008 | 1 Rest\/json Project | 1 Rest\/json | 2024-11-21 | 7.5 High |
| The REST/JSON project 7.x-1.x for Drupal allows session enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2016-20003 | 1 Rest\/json Project | 1 Rest\/json | 2024-11-21 | 7.5 High |
| The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2015-1853 | 2 Redhat, Tuxfamily | 2 Enterprise Linux, Chrony | 2024-11-21 | 6.5 Medium |
| chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (inability to synchronize) via random timestamps in crafted NTP data packets. | ||||
| CVE-2014-8183 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | 7.4 High |
| It was found that foreman, versions 1.x.x before 1.15.6, in Satellite 6 did not properly enforce access controls on certain resources. An attacker with access to the API and knowledge of the resource name can access resources in other organizations. | ||||
| CVE-2014-5138 | 1 Iii | 1 Sierra | 2024-11-21 | 7.5 High |
| Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule. | ||||
| CVE-2014-2680 | 1 Xmind | 1 Xmind | 2024-11-21 | 8.1 High |
| The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack. | ||||
| CVE-2014-125036 | 1 Ansible-ntp Project | 1 Ansible-ntp | 2024-11-21 | 2.6 Low |
| A vulnerability, which was classified as problematic, has been found in drybjed ansible-ntp. Affected by this issue is some unknown functionality of the file meta/main.yml. The manipulation leads to insufficient control of network message volume. The attack can only be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The patch is identified as ed4ca2cf012677973c220cdba36b5c60bfa0260b. It is recommended to apply a patch to fix this issue. VDB-217190 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-0021 | 3 Chrony Project, Debian, Fedoraproject | 3 Chrony, Debian Linux, Fedora | 2024-11-21 | 7.5 High |
| Chrony before 1.29.1 has traffic amplification in cmdmon protocol | ||||
| CVE-2013-6927 | 1 Triplc | 1 Trilogi Server | 2024-11-21 | 5.5 Medium |
| Internet TRiLOGI Server (unknown versions) could allow a local user to bypass security and create a local user account. | ||||
| CVE-2013-6792 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability | ||||
| CVE-2013-5657 | 1 Aultware | 1 Pwstore | 2024-11-21 | 7.5 High |
| AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request | ||||
| CVE-2013-4090 | 1 Varnish Cache Project | 1 Varnish Cache | 2024-11-21 | 7.5 High |
| Varnish HTTP cache before 3.0.4: ACL bug | ||||
| CVE-2013-3629 | 1 Ispconfig | 1 Ispconfig | 2024-11-21 | 8.8 High |
| ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution | ||||
| CVE-2013-2009 | 1 Automattic | 1 Wp Super Cache | 2024-11-21 | 8.8 High |
| WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution | ||||
| CVE-2013-1924 | 1 Skill | 1 Commerce Skrill | 2024-11-21 | 7.5 High |
| Commerce Skrill (Formerly Moneybookers) has an Access bypass vulnerability in all versions prior to 7.x-1.2 | ||||
| CVE-2013-1202 | 1 Cisco | 1 Ace Application Control Engine Module A2 | 2024-11-21 | 7.5 High |
| Cisco ACE A2(3.6) allows log retention DoS. | ||||
| CVE-2012-4284 | 1 Sparklabs | 1 Viscosity | 2024-11-21 | 9.8 Critical |
| A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code | ||||