Total
309 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4440 | 1 Apple | 1 Mac Os X | 2017-08-29 | 2.6 LOW | N/A |
| The MCX Desktop Config Profiles implementation in Apple OS X before 10.10 retains web-proxy settings from uninstalled mobile-configuration profiles, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging access to an unintended proxy server. | |||||
| CVE-2014-3052 | 1 Ibm | 2 Security Access Manager For Web 8.0 Firmware, Security Access Manager For Web Appliance | 2017-08-29 | 3.3 LOW | N/A |
| The reverse-proxy feature in IBM Security Access Manager (ISAM) for Web 8.0 with firmware 8.0.0.2 and 8.0.0.3 interprets the jct-nist-compliance parameter in the opposite of the intended manner, which makes it easier for remote attackers to obtain sensitive information by leveraging weak SSL encryption settings that lack NIST SP 800-131A compliance. | |||||
| CVE-2013-4128 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2017-08-29 | 6.4 MEDIUM | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client. | |||||
| CVE-2013-0470 | 1 Ibm | 1 Netezza Performance Portal | 2017-08-29 | 4.0 MEDIUM | N/A |
| HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files. | |||||
| CVE-2012-6050 | 1 Mikrotik | 1 Routeros | 2017-08-29 | 6.4 MEDIUM | N/A |
| The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll. | |||||
| CVE-2012-5770 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2017-08-29 | 5.8 MEDIUM | N/A |
| The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack. | |||||
| CVE-2012-5526 | 1 Andy Armstrong | 1 Cgi.pm | 2017-08-29 | 5.0 MEDIUM | N/A |
| CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. | |||||
| CVE-2012-5512 | 1 Citrix | 1 Xenserver | 2017-08-29 | 3.2 LOW | N/A |
| Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. | |||||
| CVE-2012-4537 | 1 Xen | 1 Xen | 2017-08-29 | 2.1 LOW | N/A |
| Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." | |||||
| CVE-2012-3496 | 2 Citrix, Xen | 2 Xenserver, Xen | 2017-08-29 | 4.7 MEDIUM | N/A |
| XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. | |||||
| CVE-2011-3008 | 1 Avaya | 1 Secure Access Link Gateway | 2017-08-29 | 5.0 MEDIUM | N/A |
| The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allows remote attackers to obtain sensitive information by leveraging administrative access to these domain names, as demonstrated by alarm and log information. | |||||
| CVE-2011-2666 | 1 Digium | 1 Asterisk | 2017-08-29 | 5.0 MEDIUM | N/A |
| The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536. | |||||
| CVE-2011-2395 | 1 Cisco | 1 Ios | 2017-08-29 | 5.0 MEDIUM | N/A |
| The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message. | |||||
| CVE-2011-2166 | 1 Dovecot | 1 Dovecot | 2017-08-29 | 6.5 MEDIUM | N/A |
| script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script. | |||||
| CVE-2000-1247 | 1 Apache | 1 Jserv | 2017-08-29 | 2.1 LOW | N/A |
| The default configuration of the jserv-status handler in jserv.conf in Apache JServ 1.1.2 includes an "allow from 127.0.0.1" line, which allows local users to discover JDBC passwords or other sensitive information via a direct request to the jserv/ URI. | |||||
| CVE-2016-10388 | 1 Google | 1 Android | 2017-08-23 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. | |||||
| CVE-2011-1681 | 1 Vmware | 1 Open-vm-tools | 2017-08-17 | 3.3 LOW | N/A |
| vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | |||||
| CVE-2011-1499 | 2 Banu, Debian | 2 Tinyproxy, Debian Linux | 2017-08-17 | 2.6 LOW | N/A |
| acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server. | |||||
| CVE-2011-1406 | 1 Mahara | 1 Mahara | 2017-08-17 | 4.3 MEDIUM | N/A |
| Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login. | |||||
| CVE-2011-1370 | 1 Ibm | 1 Lotus Sametime | 2017-08-17 | 5.0 MEDIUM | N/A |
| The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message. | |||||