Total: 56 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16857 | 1 Samba | 1 Samba | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
Samba from version 4.9.0 and before version 4.9.3 that have AD DC configurations watching for bad passwords (to restrict brute forcing of passwords) in a window of more than 3 minutes may not watch for bad passwords at all. The primary risk from this issue is with regards to domains that have been upgraded from Samba 4.8 and earlier. In these cases the manual testing done to confirm an organisation's password policies apply as expected may not have been re-done after the upgrade. | |||||
CVE-2018-0268 | 1 Cisco | 1 Digital Network Architecture Center | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
A vulnerability in the container management subsystem of Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and gain elevated privileges. This vulnerability is due to an insecure default configuration of the Kubernetes container management subsystem within DNA Center. An attacker who has the ability to access the Kubernetes service port could execute commands with elevated privileges within provisioned containers. A successful exploit could result in a complete compromise of affected containers. This vulnerability affects Cisco DNA Center Software Releases 1.1.3 and prior. Cisco Bug IDs: CSCvi47253. | |||||
CVE-2017-15706 | 1 Apache | 1 Tomcat | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a result, some scripts may have failed to execute as expected and other scripts may have been executed unexpectedly. Note that the behaviour of the CGI servlet has remained unchanged in this regard. It is only the documentation of the behaviour that was wrong and has been corrected. | |||||
CVE-2017-15665 | 1 Flexense | 1 Diskboss | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094. | |||||
CVE-2017-15664 | 1 Flexense | 1 Syncbreeze | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121. | |||||
CVE-2017-15663 | 1 Flexense | 1 Disk Pulse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120. | |||||
CVE-2017-15662 | 1 Flexense | 1 Vx Search | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123. | |||||
CVE-2017-15091 | 1 Powerdns | 1 Authoritative | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY. | |||||
CVE-2016-8635 | 2 Mozilla, Redhat | 7 Network Security Services, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group. | |||||
CVE-2016-10834 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
cPanel before 55.9999.141 allows account-suspension bypass via ftp (SEC-105). | |||||
CVE-2016-10825 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 55.9999.141 allows attackers to bypass a Security Policy by faking static documents (SEC-92). | |||||
CVE-2024-36511 | 1 Fortinet | 1 Fortiadc | 2024-09-20 | N/A | 3.7 LOW |
An improperly implemented security check for standard vulnerability [CWE-358] in FortiADC Web Application Firewall (WAF) 7.4.0 through 7.4.4, 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions, 6.0 all versions when cookie security policy is enabled may allow an attacker, under specific conditions, to retrieve the initial encrypted and signed cookie protected by the feature. | |||||
CVE-2024-7965 | 2 Google, Microsoft | 2 Chrome, Edge Chromium | 2024-09-18 | N/A | 8.8 HIGH |
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2024-41907 | 1 Siemens | 1 Sinec Traffic Analyzer | 2024-08-14 | N/A | 5.4 MEDIUM |
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attacks. | |||||
CVE-2024-6995 | 1 Google | 2 Android, Chrome | 2024-08-07 | N/A | 4.7 MEDIUM |
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
CVE-2024-7003 | 1 Google | 1 Chrome | 2024-08-07 | N/A | 4.3 MEDIUM |
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||