Total
549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-9325 | 1 Cloudera | 1 Cdh | 2019-07-11 | 6.4 MEDIUM | 7.5 HIGH |
| The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs. | |||||
| CVE-2018-13908 | 1 Qualcomm | 94 Ipq8074, Ipq8074 Firmware, Mdm9150 and 91 more | 2019-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Truncated access authentication token leads to weakened access control for stored secure application data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2017-8252 | 1 Qualcomm | 110 Ipq4019, Ipq4019 Firmware, Ipq8074 and 107 more | 2019-06-17 | 4.9 MEDIUM | 5.5 MEDIUM |
| Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130 | |||||
| CVE-2017-8777 | 1 Open-xchange | 1 Ox Cloud | 2019-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization. | |||||
| CVE-2015-5463 | 1 Axiomsl | 1 Axiom | 2019-04-04 | 7.5 HIGH | 9.8 CRITICAL |
| AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application. | |||||
| CVE-2016-10734 | 1 Projectsend | 1 Projectsend | 2018-12-06 | 7.5 HIGH | 9.8 CRITICAL |
| ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php. | |||||
| CVE-2016-7651 | 1 Apple | 2 Iphone Os, Watchos | 2018-10-30 | 4.6 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall. | |||||
| CVE-2014-6049 | 1 Phpmyfaq | 1 Phpmyfaq | 2018-10-23 | 5.5 MEDIUM | 2.7 LOW |
| phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. | |||||
| CVE-2016-3352 | 1 Microsoft | 3 Windows 10, Windows 8.1, Windows Rt 8.1 | 2018-10-12 | 4.3 MEDIUM | 8.8 HIGH |
| Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via a brute-force attack on NTLM password hashes, aka "Microsoft Information Disclosure Vulnerability." | |||||
| CVE-2013-7245 | 1 Sybase | 1 Adaptive Server Enterprise | 2018-06-13 | 5.0 MEDIUM | 7.5 HIGH |
| The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859. | |||||
| CVE-2015-7463 | 1 Ibm | 1 Business Process Manager | 2018-04-10 | 5.5 MEDIUM | 4.3 MEDIUM |
| IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393. | |||||
| CVE-2016-5063 | 1 Bmc | 1 Server Automation | 2018-02-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. | |||||
| CVE-2017-7484 | 1 Postgresql | 1 Postgresql | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access. | |||||
| CVE-2015-3656 | 1 Arubanetworks | 1 Clearpass | 2017-09-07 | 6.5 MEDIUM | 7.2 HIGH |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. | |||||
| CVE-2016-5676 | 2 Netgear, Nuuo | 3 Readynas Surveillance, Nvrmini 2, Nvrsolo | 2017-09-03 | 5.0 MEDIUM | 7.5 HIGH |
| cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action. | |||||
| CVE-2016-9938 | 1 Digium | 2 Asterisk, Certified Asterisk | 2017-07-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you. | |||||
| CVE-2017-2686 | 1 Siemens | 1 Ruggedcom Rox I | 2017-07-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated user to read arbitrary files through the web interface at port 10000/TCP and access sensitive information. | |||||
| CVE-2014-9950 | 1 Google | 1 Android | 2017-06-09 | 9.3 HIGH | 7.8 HIGH |
| In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | |||||
| CVE-2014-9945 | 1 Google | 1 Android | 2017-06-08 | 9.3 HIGH | 7.8 HIGH |
| In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | |||||
| CVE-2016-8776 | 1 Huawei | 4 P9, P9 Firmware, P9 Lite and 1 more | 2017-04-10 | 2.1 LOW | 4.6 MEDIUM |
| Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. | |||||