Total
263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2666 | 1 Digium | 1 Asterisk | 2017-08-28 | 5.0 MEDIUM | N/A |
| The default configuration of the SIP channel driver in Asterisk Open Source 1.4.x through 1.4.41.2 and 1.6.2.x through 1.6.2.18.2 does not enable the alwaysauthreject option, which allows remote attackers to enumerate account names by making a series of invalid SIP requests and observing the differences in the responses for different usernames, a different vulnerability than CVE-2011-2536. | |||||
| CVE-2011-2395 | 1 Cisco | 1 Ios | 2017-08-28 | 5.0 MEDIUM | N/A |
| The Neighbor Discovery (ND) protocol implementation in Cisco IOS on unspecified switches allows remote attackers to bypass the Router Advertisement Guarding functionality via a fragmented IPv6 packet in which the Router Advertisement (RA) message is contained in the second fragment, as demonstrated by (1) a packet in which the first fragment contains a long Destination Options extension header or (2) a packet in which the first fragment contains an ICMPv6 Echo Request message. | |||||
| CVE-2016-10388 | 1 Google | 1 Android | 2017-08-23 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. | |||||
| CVE-2011-1681 | 1 Vmware | 1 Open-vm-tools | 2017-08-16 | 3.3 LOW | N/A |
| vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka open-vm-tools) 8.4.2-261024 and earlier attempts to append to the /etc/mtab file without first checking whether resource limits would interfere, which allows local users to trigger corruption of this file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. | |||||
| CVE-2011-1499 | 2 Banu, Debian | 2 Tinyproxy, Debian Linux | 2017-08-16 | 2.6 LOW | N/A |
| acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server. | |||||
| CVE-2011-1406 | 1 Mahara | 1 Mahara | 2017-08-16 | 4.3 MEDIUM | N/A |
| Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login. | |||||
| CVE-2011-1370 | 1 Ibm | 1 Lotus Sametime | 2017-08-16 | 5.0 MEDIUM | N/A |
| The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message. | |||||
| CVE-2010-0717 | 1 Moinmo | 1 Moinmoin | 2017-08-16 | 7.5 HIGH | N/A |
| The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors. | |||||
| CVE-2010-0558 | 1 Sun | 1 Opensolaris | 2017-08-16 | 7.5 HIGH | N/A |
| The default configuration of Oracle OpenSolaris snv_77 through snv_131 allows attackers to have an unspecified impact via vectors related to using smbadm to join a Windows Active Directory domain. | |||||
| CVE-2010-3279 | 1 Alcatel-lucent | 2 Ccagent, Omnitouch Contact Center | 2017-08-16 | 7.6 HIGH | N/A |
| The default configuration of the CCAgent option before 9.0.8.4 in the management server (aka TSA) component in Alcatel-Lucent OmniTouch Contact Center Standard Edition enables maintenance access, which allows remote attackers to monitor or reconfigure Contact Center operations via vectors involving TSA_maintenance.exe. | |||||
| CVE-2009-4293 | 1 Iij | 6 Seil\/b1, Seil\/b1 Firmware, Seil\/x1 and 3 more | 2017-08-16 | 7.1 HIGH | N/A |
| Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 through 2.51, when NAT is enabled, allows remote attackers to cause a denial of service (system restart) via crafted GRE packets. | |||||
| CVE-2009-4419 | 1 Intel | 5 Gm45 Chipset, Pm45 Express Chipset, Q35 Chipset and 2 more | 2017-08-16 | 7.2 HIGH | N/A |
| Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded. | |||||
| CVE-2009-5051 | 1 Hastymail | 1 Hastymail2 | 2017-08-16 | 5.0 MEDIUM | N/A |
| Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2009-2089 | 1 Ibm | 1 Websphere Application Server | 2017-08-16 | 2.1 LOW | N/A |
| The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by reading a Migration Trace file. | |||||
| CVE-2009-1596 | 1 Igniterealtime | 1 Openfire | 2017-08-16 | 4.0 MEDIUM | N/A |
| Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet. | |||||
| CVE-2009-2750 | 1 Ibm | 1 Websphere Service Registry And Repository | 2017-08-16 | 5.5 MEDIUM | N/A |
| IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 does not have the intended configuration properties, which allows remote authenticated users to obtain unspecified data access via a property query. | |||||
| CVE-2009-2213 | 1 Citrix | 2 Netscaler Access Gateway, Netscaler Access Gateway Firmware | 2017-08-16 | 6.3 MEDIUM | N/A |
| The default configuration of the Security global settings on the Citrix NetScaler Access Gateway appliance with Enterprise Edition firmware 9.0, 8.1, and earlier specifies Allow for the Default Authorization Action option, which might allow remote authenticated users to bypass intended access restrictions. | |||||
| CVE-2009-1892 | 1 Isc | 1 Dhcp | 2017-08-16 | 5.0 MEDIUM | N/A |
| dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests. | |||||
| CVE-2008-6171 | 1 Drupal | 1 Drupal | 2017-08-16 | 9.3 HIGH | N/A |
| includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header. | |||||
| CVE-2007-6722 | 3 Apple, Microsoft, Vidalia-project | 3 Mac Os X, Windows, Vidalia Bundle | 2017-08-16 | 5.0 MEDIUM | N/A |
| Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | |||||