Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0274 | 1 Ibm | 1 Financial Transaction Manager | 2018-03-26 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to conduct clickjacking attacks via a crafted web site. IBM X-Force ID: 111076. | |||||
| CVE-2016-9568 | 1 Carbonblack | 1 Carbon Black | 2018-03-21 | 10.0 HIGH | 9.8 CRITICAL |
| A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions. | |||||
| CVE-2009-5144 | 1 Mod Gnutls Project | 1 Mod Gnutls | 2018-03-13 | 5.0 MEDIUM | 7.5 HIGH |
| mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate. | |||||
| CVE-2011-4889 | 1 Ibm | 1 Websphere Application Server | 2018-03-10 | 7.5 HIGH | 9.8 CRITICAL |
| The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. | |||||
| CVE-2015-1142857 | 3 Dpdk, Intel, Linux | 13 Dpdk, 82576, 82576 Firmware and 10 more | 2018-02-15 | 5.0 MEDIUM | 8.6 HIGH |
| On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. | |||||
| CVE-2014-5334 | 1 Freenas | 1 Freenas | 2018-01-29 | 10.0 HIGH | 9.8 CRITICAL |
| FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login. | |||||
| CVE-2016-0332 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2018-01-29 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 do not properly restrict failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. IBM X-Force ID: 111695. | |||||
| CVE-2016-7401 | 3 Canonical, Debian, Djangoproject | 3 Ubuntu Linux, Debian Linux, Django | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| The cookie parsing code in Django before 1.8.15 and 1.9.x before 1.9.10, when used on a site with Google Analytics, allows remote attackers to bypass an intended CSRF protection mechanism by setting arbitrary cookies. | |||||
| CVE-2016-0790 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2018-01-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. | |||||
| CVE-2015-8777 | 1 Gnu | 1 Glibc | 2018-01-05 | 2.1 LOW | 5.5 MEDIUM |
| The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. | |||||
| CVE-2015-7268 | 2 Samsung, Seagate | 8 850 Pro, 850 Pro Firmware, Pm851 and 5 more | 2017-12-20 | 1.9 LOW | 4.2 MEDIUM |
| Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack." | |||||
| CVE-2015-7269 | 1 Seagate | 2 St500lt015, St500lt015 Firmware | 2017-12-20 | 1.9 LOW | 4.2 MEDIUM |
| Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and attaching the data cable to another machine, aka a "Hot Unplug Attack." | |||||
| CVE-2015-7267 | 2 Samsung, Seagate | 8 850 Pro, 850 Pro Firmware, Pm851 and 5 more | 2017-12-20 | 1.9 LOW | 4.2 MEDIUM |
| Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack." | |||||
| CVE-2017-1000406 | 1 Opendaylight | 1 Karaf | 2017-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart). | |||||
| CVE-2014-3150 | 1 Orange | 2 Livebox 1.1, Livebox 1.1 Firmware | 2017-12-05 | 9.0 HIGH | 8.8 HIGH |
| Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. | |||||
| CVE-2011-2683 | 1 Reseed Project | 1 Reseed | 2017-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| reseed seeds random numbers from an insecure HTTP request to random.org during installation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a man-in-the-middle attack. | |||||
| CVE-2016-1551 | 2 Ntp, Ntpsec | 2 Ntp, Ntpsec | 2017-11-21 | 2.6 LOW | 3.7 LOW |
| ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks. Because reference clocks are treated like other peers and stored in the same structure, any packet with a source ip address of a reference clock (127.127.1.1 for example) that reaches the receive() function will match that reference clock's peer record and will be treated as a trusted peer. Any system that lacks the typical martian packet filtering which would block these packets is in danger of having its time controlled by an attacker. | |||||
| CVE-2016-0287 | 2 Ibm, Microsoft | 2 I Access, Windows | 2017-11-03 | 2.1 LOW | 7.8 HIGH |
| IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors. | |||||
| CVE-2015-5246 | 1 Theforeman | 1 Foreman | 2017-11-01 | 6.8 MEDIUM | 8.1 HIGH |
| The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory. | |||||
| CVE-2015-7843 | 1 Huawei | 10 Fusionserver Ch121 V3, Fusionserver Ch220 V3, Fusionserver Ch222 V3 and 7 more | 2017-10-23 | 4.0 MEDIUM | 8.8 HIGH |
| The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack. | |||||