Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9470 | 1 Revive-adserver | 1 Revive Adserver | 2019-10-09 | 9.3 HIGH | 9.0 CRITICAL |
| Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machine by virtually downloading a file from a trusted domain. | |||||
| CVE-2016-10552 | 1 Infragistics | 1 Igniteui | 2019-10-09 | 5.8 MEDIUM | 7.4 HIGH |
| igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. | |||||
| CVE-2015-9243 | 1 Hapijs | 1 Hapi | 2019-10-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`). | |||||
| CVE-2014-1428 | 1 Canonical | 1 Metal As A Service | 2019-10-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2011-3145 | 1 Mount.ecrpytfs Private Project | 1 Mount.ecrpytfs Private | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private. | |||||
| CVE-2016-0128 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-09-27 | 5.8 MEDIUM | 6.8 MEDIUM |
| The SAM and LSAD protocol implementations in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 do not properly establish an RPC channel, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "Windows SAM and LSAD Downgrade Vulnerability" or "BADLOCK." | |||||
| CVE-2017-18429 | 1 Cpanel | 1 Cpanel | 2019-09-24 | 2.1 LOW | 3.3 LOW |
| In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). | |||||
| CVE-2019-10059 | 1 Lexmark | 142 6500e, 6500e Firmware, C734 and 139 more | 2019-09-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices. | |||||
| CVE-2016-10933 | 1 Portaudio Project | 1 Portaudio | 2019-08-29 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. | |||||
| CVE-2015-9331 | 1 Soflyy | 1 Wp All Import | 2019-08-22 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. | |||||
| CVE-2015-9318 | 1 Getawesomesupport | 1 Awesome Support | 2019-08-22 | 5.0 MEDIUM | 7.5 HIGH |
| The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. | |||||
| CVE-2017-18462 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). | |||||
| CVE-2017-18476 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). | |||||
| CVE-2017-18467 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). | |||||
| CVE-2017-18480 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). | |||||
| CVE-2017-18477 | 1 Cpanel | 1 Cpanel | 2019-08-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). | |||||
| CVE-2016-10772 | 1 Cpanel | 1 Cpanel | 2019-08-09 | 2.1 LOW | 3.3 LOW |
| cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | |||||
| CVE-2015-7576 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2019-08-08 | 4.3 MEDIUM | 3.7 LOW |
| The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences. | |||||
| CVE-2017-18445 | 1 Cpanel | 1 Cpanel | 2019-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). | |||||
| CVE-2008-1195 | 2 Canonical, Sun | 4 Ubuntu Linux, Jdk, Jre and 1 more | 2019-07-31 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. | |||||