ReportizFlow
Filtered by vendor
Subscriptions
Total
1332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4605 | 1 Redhat | 6 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Portal Platform and 3 more | 2024-11-21 | N/A |
| The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors. | ||||
| CVE-2011-4322 | 1 Websitebaker | 1 Websitebaker | 2024-11-21 | 7.5 High |
| websitebaker prior to and including 2.8.1 has an authentication error in backup module. | ||||
| CVE-2011-4190 | 1 Suse | 2 Suse Linux Enterprise Desktop, Suse Linux Enterprise Server | 2024-11-21 | N/A |
| The kdump implementation is missing the host key verification in the kdump and mkdumprd OpenSSH integration of kdump prior to version 2012-01-20. This is similar to CVE-2011-3588, but different in that the kdump implementation is specific to SUSE. A remote malicious kdump server could use this flaw to impersonate the correct kdump server to obtain security sensitive information (kdump core files). | ||||
| CVE-2011-3055 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-11-21 | N/A |
| The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation before an unpacked extension installation, which allows user-assisted remote attackers to have an unspecified impact via a crafted extension. | ||||
| CVE-2011-2187 | 2 Debian, Xscreensaver Project | 2 Debian Linux, Xscreensaver | 2024-11-21 | 7.8 High |
| xscreensaver before 5.14 crashes during activation and leaves the screen unlocked when in Blank Only Mode and when DPMS is disabled, which allows local attackers to access resources without authentication. | ||||
| CVE-2009-1780 | 1 Frax | 1 Php Recommend | 2024-11-21 | N/A |
| admin.php in Frax.dk Php Recommend 1.3 and earlier does not require authentication when the user password is changed, which allows remote attackers to gain administrative privileges via modified form_admin_user and form_admin_pass parameters. | ||||
| CVE-2008-6827 | 1 Symantec | 1 Altiris Deployment Solution | 2024-11-21 | 7.8 High |
| The ListView control in the Client GUI (AClient.exe) in Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 allows local users to gain SYSTEM privileges and execute arbitrary commands via a "Shatter" style attack on the "command prompt" hidden GUI button to (1) overwrite the CommandLine parameter to cmd.exe to use SYSTEM privileges and (2) modify the DLL that is loaded using the LoadLibrary API function. | ||||
| CVE-2007-0956 | 4 Canonical, Debian, Mit and 1 more | 4 Ubuntu Linux, Debian Linux, Kerberos 5 and 1 more | 2024-11-21 | N/A |
| The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882. | ||||
| CVE-2006-0062 | 1 Sillycycle | 1 Xlockmore | 2024-11-21 | 9.8 Critical |
| xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a new Gaim window. | ||||
| CVE-2006-0061 | 1 Sillycycle | 1 Xlockmore | 2024-11-21 | 9.8 Critical |
| xlockmore 5.13 and 5.22 segfaults when using libpam-opensc and returns the underlying xsession. This allows unauthorized users access to the X session. | ||||
| CVE-2004-0213 | 1 Microsoft | 1 Windows 2000 | 2024-11-21 | 7.8 High |
| Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908. | ||||
| CVE-2002-1810 | 1 Dlink | 2 Dwl-900ap\+, Dwl-900ap\+ Firmware | 2024-11-21 | 7.5 High |
| D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. | ||||
| CVE-2024-10924 | 1 Really-simple-plugins | 1 Really Simple Security | 2024-11-20 | 9.8 Critical |
| The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default). | ||||
| CVE-2024-41968 | 2024-11-19 | 5.4 Medium | ||
| A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. | ||||
| CVE-2024-41967 | 2024-11-18 | 8.1 High | ||
| A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. | ||||
| CVE-2023-52949 | 1 Synology | 1 Active Backup For Business Agent | 2024-11-15 | 5.5 Medium |
| Missing authentication for critical function vulnerability in proxy settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors. | ||||
| CVE-2024-48966 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2024-11-15 | 10 Critical |
| The software tools used by service personnel to test & calibrate the ventilator do not support user authentication. An attacker with access to the Service PC where the tools are installed could obtain diagnostic information through the test tool or manipulate the ventilator's settings and embedded software via the calibration tool, without having to authenticate to either tool. This could result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance. | ||||
| CVE-2024-47575 | 1 Fortinet | 2 Fortimanager, Fortimanager Cloud | 2024-11-09 | 9.8 Critical |
| A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests. | ||||
| CVE-2024-51567 | 1 Cyberpanel | 1 Cyberpanel | 2024-11-09 | 10 Critical |
| upgrademysqlstatus in databases/views.py in CyberPanel (aka Cyber Panel) before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected. | ||||
| CVE-2024-48952 | 2024-11-08 | 6.4 Medium | ||
| An issue was discovered in Logpoint before 7.5.0. SOAR uses a static JWT secret key to generate tokens that allow access to SOAR API endpoints without authentication. This static key vulnerability enables attackers to create custom JWT secret keys for unauthorized access to these endpoints. | ||||