Total
600 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12249 | 1 Cisco | 1 Meeting Server | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
| A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected system. The vulnerability is due to an incorrect default configuration of the TURN server, which could expose internal interfaces and ports on the external interface of an affected system. An attacker could exploit this vulnerability by using a TURN server to perform an unauthorized connection to a Call Bridge, a Web Bridge, or a database cluster in an affected system, depending on the deployment model and CMS services in use. A successful exploit could allow the attacker to gain unauthenticated access to a Call Bridge or database cluster in an affected system or gain unauthorized access to sensitive meeting information in an affected system. To exploit this vulnerability, the attacker must have valid credentials for the TURN server of the affected system. This vulnerability affects Cisco Meeting Server (CMS) deployments that are running a CMS Software release prior to Release 2.0.16, 2.1.11, or 2.2.6. Cisco Bug IDs: CSCvf51127. | |||||
| CVE-2017-11382 | 1 Trendmicro | 1 Deep Discovery Email Inspector | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
| Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. | |||||
| CVE-2017-0367 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure. | |||||
| CVE-2017-0215 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | |||||
| CVE-2016-5787 | 1 Ge | 1 Cimplicity | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
| General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. | |||||
| CVE-2016-5334 | 1 Vmware | 2 Identity Manager, Vrealize Automation | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. | |||||
| CVE-2016-11010 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | |||||
| CVE-2016-11009 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | |||||
| CVE-2016-11008 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | |||||
| CVE-2016-11007 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | |||||
| CVE-2016-11006 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | |||||
| CVE-2016-10840 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | |||||
| CVE-2015-9550 | 1 Totolink | 16 A850r-v1, A850r-v1 Firmware, F1-v2 and 13 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface. | |||||
| CVE-2015-10004 | 1 Json Web Token Project | 1 Json Web Token | 2024-11-21 | N/A | 7.5 HIGH |
| Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC. | |||||
| CVE-2014-2387 | 3 Debian, Opensuse, Pen Project | 3 Debian Linux, Opensuse, Pen | 2024-11-21 | 4.6 MEDIUM | 4.4 MEDIUM |
| Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities | |||||
| CVE-2014-0023 | 1 Redhat | 1 Openshift | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | |||||
| CVE-2013-4561 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. | |||||
| CVE-2013-4480 | 2 Redhat, Suse | 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
| Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | |||||
| CVE-2013-4374 | 1 Redhat | 2 Jboss Operations Network, Rhq Mongo Db Drift Server | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. | |||||
| CVE-2013-4280 | 1 Redhat | 3 Enterprise Virtualization, Storage, Virtual Desktop Server Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Insecure temporary file vulnerability in RedHat vsdm 4.9.6. | |||||