Total
552 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5334 | 1 Vmware | 2 Identity Manager, Vrealize Automation | 2024-02-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | |||||
| CVE-2017-5634 | 1 Norwegian-air | 1 Norwegian Air Kiosk | 2024-02-04 | 7.2 HIGH | 6.6 MEDIUM |
| The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, by accessing a touch-screen print icon to manipulate the print dialog. | |||||
| CVE-2017-6100 | 1 Tcpdf Project | 1 Tcpdf | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| tcpdf before 6.2.0 uploads files from the server generating PDF-files to an external FTP. | |||||
| CVE-2017-5648 | 1 Apache | 1 Tomcat | 2024-02-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 did not use the appropriate facade object. When running an untrusted application under a SecurityManager, it was therefore possible for that untrusted application to retain a reference to the request or response object and thereby access and/or modify information associated with another web application. | |||||
| CVE-2016-5787 | 1 Ge | 1 Cimplicity | 2024-02-04 | 4.6 MEDIUM | 6.3 MEDIUM |
| General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. | |||||
| CVE-2012-1846 | 1 Google | 1 Chrome | 2024-02-04 | 10.0 HIGH | N/A |
| Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." | |||||
| CVE-2013-4480 | 2 Redhat, Suse | 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more | 2024-02-04 | 7.5 HIGH | N/A |
| Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | |||||
| CVE-2011-1258 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." | |||||
| CVE-2011-1960 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2024-02-04 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." | |||||
| CVE-2022-29901 | 5 Debian, Fedoraproject, Intel and 2 more | 254 Debian Linux, Fedora, Core I3-6100 and 251 more | 2024-02-04 | 1.9 LOW | 6.5 MEDIUM |
| Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. | |||||
| CVE-2022-23825 | 4 Amd, Debian, Fedoraproject and 1 more | 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
| Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | |||||
| CVE-2023-50328 | 1 Ibm | 1 Powersc | 2024-02-02 | N/A | 5.3 MEDIUM |
| IBM PowerSC 1.3, 2.0, and 2.1 may allow a remote attacker to view session identifiers passed via URL query strings. IBM X-Force ID: 275110. | |||||