Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5406 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2017-12-15 | 6.5 MEDIUM | 8.8 HIGH |
| The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. | |||||
| CVE-2012-2217 | 1 Htc | 14 Evo 3d, Evo 3d Software, Evo 4g and 11 more | 2017-12-14 | 6.4 MEDIUM | N/A |
| The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, EVO Design 4G before 2.12.651.5, Shift 4G before 2.77.651.3, EVO 3D before 2.17.651.5, EVO View 4G before 2.23.651.1, Vivid before 3.26.502.56, and Hero does not restrict localhost access to TCP port 2479, which allows remote attackers to (1) send SMS messages, (2) obtain the Network Access Identifier (NAI) and its password, or trigger (3) popup messages or (4) tones via a crafted application that leverages the android.permission.INTERNET permission. | |||||
| CVE-2012-1508 | 1 Vmware | 3 Esx, Esxi, View | 2017-12-13 | 7.2 HIGH | N/A |
| The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX 4.0 and 4.1; and VMware View before 4.6.1 allows guest OS users to gain guest OS privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
| CVE-2016-10700 | 1 Cacti | 1 Cacti | 2017-12-11 | 6.5 MEDIUM | 8.8 HIGH |
| auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313. | |||||
| CVE-2009-3257 | 1 Vtiger | 1 Vtiger Crm | 2017-12-07 | 3.6 LOW | N/A |
| vtiger CRM before 5.1.0 allows remote authenticated users to bypass the permissions on the (1) Account Billing Address and (2) Shipping Address fields in a profile by creating a Sales Order (SO) associated with that profile. | |||||
| CVE-2012-0745 | 1 Ibm | 2 Aix, Vios | 2017-12-07 | 7.2 HIGH | N/A |
| The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 through 2.2.1.3 does not properly interact with customer-extended LDAP user filtering, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2012-1455 | 2 Eset, Rising-global | 2 Nod32 Antivirus, Rising Antivirus | 2017-12-06 | 4.3 MEDIUM | N/A |
| The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMinor version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2012-1447 | 4 Aladdin, Drweb, Fortinet and 1 more | 4 Esafe, Dr.web Antivirus, Fortinet Antivirus and 1 more | 2017-12-06 | 4.3 MEDIUM | N/A |
| The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
| CVE-2011-4863 | 2 Google, Tencent | 2 Android, Qqpimsecure | 2017-12-06 | 5.8 MEDIUM | N/A |
| The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application. | |||||
| CVE-2011-4773 | 2 Android, Anguanjia | 2 Android, Anguanjia | 2017-12-06 | 5.8 MEDIUM | N/A |
| The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. | |||||
| CVE-2012-2010 | 1 Hp | 1 Openvms | 2017-12-05 | 6.9 MEDIUM | N/A |
| The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2012-0299 | 1 Symantec | 1 Web Gateway | 2017-12-05 | 10.0 HIGH | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. | |||||
| CVE-2012-0298 | 1 Symantec | 1 Web Gateway | 2017-12-05 | 6.4 MEDIUM | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors. | |||||
| CVE-2012-0297 | 1 Symantec | 1 Web Gateway | 2017-12-05 | 10.0 HIGH | N/A |
| The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data. | |||||
| CVE-2012-3365 | 1 Php | 1 Php | 2017-12-01 | 5.0 MEDIUM | N/A |
| The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | |||||
| CVE-2016-4118 | 2 Adobe, Microsoft | 2 Connect, Windows | 2017-11-29 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in the installer in Adobe Connect Add-In before 11.9.976.291 on Windows allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2013-6965 | 1 Cisco | 1 Webex Training Center | 2017-11-29 | 5.0 MEDIUM | N/A |
| The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183. | |||||
| CVE-2013-6964 | 1 Cisco | 1 Webex Meeting Center | 2017-11-29 | 3.5 LOW | N/A |
| Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197. | |||||
| CVE-2013-3445 | 1 Cisco | 1 Identity Services Engine | 2017-11-29 | 5.0 MEDIUM | N/A |
| The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572. | |||||
| CVE-2013-3436 | 1 Cisco | 1 Ios | 2017-11-29 | 5.0 MEDIUM | N/A |
| The default configuration of the Group Encrypted Transport VPN (GET VPN) feature on Cisco IOS uses an improper mechanism for enabling Group Domain of Interpretation (GDOI) traffic flow, which allows remote attackers to bypass the encryption policy via certain uses of UDP port 848, aka Bug ID CSCui07698. | |||||