Total
409 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-18462 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). | |||||
CVE-2016-10894 | 2 Debian, Xtrlock Project | 2 Debian Linux, Xtrlock | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger). | |||||
CVE-2016-10933 | 1 Portaudio Project | 1 Portaudio | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. | |||||
CVE-2015-9331 | 1 Soflyy | 1 Wp All Import | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. | |||||
CVE-2017-2752 | 1 Hp | 1 Tommy Hilfiger Th24\/7 | 2024-02-28 | 2.1 LOW | 2.1 LOW |
A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue. | |||||
CVE-2017-2748 | 1 Hp | 1 Isaac Mizrahi Smartwatch | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue. | |||||
CVE-2017-18477 | 1 Cpanel | 1 Cpanel | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). | |||||
CVE-2016-4642 | 1 Apple | 3 Apple Tv, Iphone Os, Mac Os | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings. | |||||
CVE-2017-2411 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. | |||||
CVE-2014-6050 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. | |||||
CVE-2011-4889 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. | |||||
CVE-2015-9243 | 1 Hapijs | 1 Hapi | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`). | |||||
CVE-2016-10552 | 1 Infragistics | 1 Igniteui | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. | |||||
CVE-2016-0274 | 1 Ibm | 1 Financial Transaction Manager | 2024-02-28 | 3.5 LOW | 5.4 MEDIUM |
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to conduct clickjacking attacks via a crafted web site. IBM X-Force ID: 111076. | |||||
CVE-2016-10717 | 1 Malwarebytes | 1 Malwarebytes Anti-malware | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP. | |||||
CVE-2015-1142857 | 3 Dpdk, Intel, Linux | 13 Dpdk, 82576, 82576 Firmware and 10 more | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. | |||||
CVE-2016-9900 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||||
CVE-2009-5144 | 1 Mod Gnutls Project | 1 Mod Gnutls | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate. | |||||
CVE-2018-4863 | 1 Sophos | 1 Endpoint Protection | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key. | |||||
CVE-2016-9071 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50. |