Vulnerabilities (CVE)

CWE filter: CWE-16

277 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-1585 1 Cisco 2 Application Policy Infrastructure Controller Software, Nx-os 2019-10-09 7.2
A vulnerability in the controller authorization functionality of Cisco Nexus 9000 Series ACI Mode Switch Software could allow an authenticated, local attacker to escalate standard users with root privilege on an affected device. The vulnerability...
CVE-2017-3210 3 Fujitsu, Hp, Philips 5 Displayview Click, Displayview Click Suite, Display Assistant and 2 more 2019-10-09 7.2
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure...
CVE-2012-3276 1 Hp 1 Openvms 2019-10-09 2.1
HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, 8.2, 8.3, and 8.4 on the Alpha platform does not properly implement the LOGIN and ACME_SERVER ACMELOGIN programs, which allows local users to cause a denial of service via...
CVE-2010-1972 1 Hp 1 Client Automation Enterprise Infrastructure 2019-10-09 9.0
The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests.
CVE-2019-2261 1 Qualcomm 42 Ipq8074 Firmware, Mdm9150 Firmware, Mdm9206 Firmware and 39 more 2019-07-29 4.9
Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...
CVE-2019-3949 2019-07-11 7.5
Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute...
CVE-2018-11215 1 Cloudera 1 Data Science Workbench 2019-07-08 7.5
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.
CVE-2008-4609 11 Bsd, Linux, Cisco and 8 more 26 Windows 98, Windows 98se, Bsd Os and 23 more 2019-04-30 7.1
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple...
CVE-2012-4546 1 Redhat 1 Enterprise Linux 2019-04-22 4.3
The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate...
CVE-2013-0253 1 Apache 1 Maven 2019-04-16 5.8
The default configuration of Apache Maven 3.0.4, when using Maven Wagon 2.1, disables SSL certificate checks, which allows remote attackers to spoof servers via a man-in-the-middle (MITM) attack.
CVE-2018-12179 1 Tianocore 1 Edk Ii 2019-04-11 4.6
Improper configuration in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
CVE-2008-0128 1 Apache 1 Tomcat 2019-03-25 5.0
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make...
CVE-2009-0243 1 Microsoft 5 Windows Server 2008, Windows Vista, Windows Xp and 2 more 2019-02-26 7.2
Microsoft Windows does not properly enforce the Autorun and NoDriveTypeAutoRun registry values, which allows physically proximate attackers to execute arbitrary code by (1) inserting CD-ROM media, (2) inserting DVD media, (3) connecting a USB...
CVE-2009-1895 3 Linux, Canonical, Debian 3 Linux Kernel, Ubuntu Linux, Debian Linux 2018-11-08 7.2
The personality subsystem in the Linux kernel before 2.6.31-rc3 has a PER_CLEAR_ON_SETID setting that does not clear the ADDR_COMPAT_LAYOUT and MMAP_PAGE_ZERO flags when executing a setuid or setgid program, which makes it easier for local users...
CVE-2009-2336 1 Wordpress 2 Wordpress Mu, Wordpress 2018-11-08 5.0
The forgotten mail interface in WordPress and WordPress MU before 2.8.1 exhibits different behavior for a password request depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor...
CVE-2009-2335 1 Wordpress 2 Wordpress Mu, Wordpress 2018-11-08 5.0
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. NOTE: the vendor reportedly disputes the...
CVE-2009-4071 1 Opera 1 Opera Browser 2018-10-30 5.8
Opera before 10.10, when exception stacktraces are enabled, places scripting error messages from a web site into variables that can be read by a different web site, which allows remote attackers to obtain sensitive information or conduct...
CVE-2002-2280 1 Openbsd 1 Openbsd 2018-10-30 2.1
syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP address is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.
CVE-2009-1303 1 Mozilla 3 Firefox, Thunderbird, Seamonkey 2018-10-30 5.0
The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (application crash) and possibly trigger memory corruption via vectors related to...
CVE-2009-3376 1 Mozilla 2 Firefox, Seamonkey 2018-10-30 9.3
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions...