Total
315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-2336 | 1 Symantec | 1 Norton Personal Firewall | 2025-04-03 | 4.3 MEDIUM | N/A |
|
Norton Personal Firewall 2002 4.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets.
|
|||||
| CVE-2005-0197 | 1 Cisco | 1 Ios | 2025-04-03 | 6.1 MEDIUM | N/A |
|
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.
|
|||||
| CVE-2006-0848 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-03 | 5.1 MEDIUM | N/A |
|
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
|
|||||
| CVE-1999-0858 | 1 Microsoft | 1 Internet Explorer | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.
|
|||||
| CVE-2006-3291 | 1 Cisco | 1 Ios | 2025-04-03 | 9.3 HIGH | N/A |
|
The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system.
|
|||||
| CVE-2003-1457 | 1 Auerswald | 1 Comsuite Cti Controlcenter | 2025-04-03 | 4.6 MEDIUM | N/A |
|
Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.
|
|||||
| CVE-2002-2263 | 1 Hp | 2 Hp-ux, Visualize Conference Ftp | 2025-04-03 | 6.6 MEDIUM | N/A |
|
The installation program for HP-UX Visualize Conference B.11.00.11 running on HP-UX 11.00 and 11.11 installs /etc/dt and its subdirectories with insecure permissions, which allows local users to read or write arbitrary files.
|
|||||
| CVE-2002-2335 | 1 John Drake | 1 Killer Protection | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Killer Protection 1.0 stores the vars.inc include file under the web root with insufficient access control, which allows remote attackers to obtain user names and passwords and log in using protection.php.
|
|||||
| CVE-2002-2373 | 1 Apple | 2 Apple Laserwriter, Tcp Ip Configuration Utility | 2025-04-03 | 7.5 HIGH | N/A |
|
The default configuration of the TCP/IP printer configuration utility in Apple LaserWriter 12/640 PS printer contains a blank Telnet password, which allows remote attackers to gain access.
|
|||||
| CVE-1999-0701 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.2 HIGH | N/A |
|
After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.
|
|||||
| CVE-2004-0605 | 2 Ircd-hybrid, Ircd-ratbox | 2 Ircd-hybrid, Ircd-ratbox | 2025-04-03 | 5.0 MEDIUM | N/A |
|
Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued.
|
|||||
| CVE-2005-4845 | 1 Sun | 1 Java Plug-in | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.
|
|||||
| CVE-2005-4837 | 2 Net-snmp, Sourceforge | 2 Net-snmp, Net-snmp | 2025-04-03 | 10.0 HIGH | N/A |
|
snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.
|
|||||
| CVE-2002-2247 | 1 Mambo | 1 Mambo Site Server | 2025-04-03 | 5.0 MEDIUM | N/A |
|
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
|
|||||
| CVE-2003-1491 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | 7.5 HIGH | N/A |
|
Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
|
|||||
| CVE-2003-1362 | 1 Hp | 2 Bastille, Hp-ux | 2025-04-03 | 7.8 HIGH | N/A |
|
Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases.
|
|||||
| CVE-2004-2687 | 2 Apple, Samba | 2 Xcode, Samba | 2025-04-03 | 9.3 HIGH | N/A |
|
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
|
|||||
| CVE-2003-1426 | 1 Cpanel | 1 Cpanel | 2025-04-03 | 3.3 LOW | N/A |
|
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
|
|||||
| CVE-2024-42031 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-19 | N/A | 7.5 HIGH |
|
Access permission verification vulnerability in the Settings module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2023-33105 | 1 Qualcomm | 298 Ar8035, Ar8035 Firmware, Ar9380 and 295 more | 2025-01-10 | N/A | 7.5 HIGH |
|
Transient DOS in WLAN Host and Firmware when a large number of open authentication frames are sent with an invalid transaction sequence number.
|
|||||
| CVE-2018-11922 | 1 Qualcomm | 44 215, 215 Firmware, Mdm9206 and 41 more | 2025-01-09 | N/A | 9.8 CRITICAL |
|
Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user.
|
|||||
| CVE-2024-32991 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-11 | N/A | 7.5 HIGH |
|
Permission verification vulnerability in the wpa_supplicant module
Impact: Successful exploitation of this vulnerability will affect availability.
|
|||||
| CVE-2024-46909 | 1 Progress | 1 Whatsup Gold | 2024-12-10 | N/A | 9.8 CRITICAL |
|
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account.
|
|||||
| CVE-2023-52719 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | N/A | 7.1 HIGH |
|
Privilege escalation vulnerability in the PMS module
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
|||||
| CVE-2023-43088 | 1 Dell | 2 Precision 7865 Tower, Precision 7865 Tower Firmware | 2024-11-21 | N/A | 7.2 HIGH |
|
Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device.
|
|||||
| CVE-2023-39392 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
|
Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten.
|
|||||
| CVE-2023-39385 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Vulnerability of configuration defects in the media module of certain products. Successful exploitation of this vulnerability may cause unauthorized access.
|
|||||
| CVE-2023-33076 | 1 Qualcomm | 302 Aqt1000, Aqt1000 Firmware, Ar8035 and 299 more | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Memory corruption in Core when updating rollback version for TA and OTA feature is enabled.
|
|||||
| CVE-2022-43516 | 2 Microsoft, Zabbix | 2 Windows Firewall, Zabbix | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI)
|
|||||
| CVE-2022-37397 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | N/A | 8.3 HIGH |
|
An issue was discovered in YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password.
|
|||||
| CVE-2022-36423 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-11-21 | N/A | 7.4 HIGH |
|
OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads to a stack overflow vulnerability during recursive parsing. LAN attackers can launch a DoS attack against all network devices.
|
|||||
| CVE-2022-33233 | 1 Qualcomm | 402 Apq8009, Apq8009 Firmware, Apq8009w and 399 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Memory corruption due to configuration weakness in modem while sending command to write protected files.
|
|||||
| CVE-2022-29095 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 7.6 HIGH | 8.3 HIGH |
|
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system.
|
|||||
| CVE-2022-28762 | 1 Zoom | 1 Meetings | 2024-11-21 | N/A | 7.3 HIGH |
|
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.
|
|||||
| CVE-2022-22183 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper ...
|
|||||
| CVE-2021-35233 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning the exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies.
|
|||||
| CVE-2021-31381 | 1 Juniper | 1 Session And Resource Control | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system.
|
|||||
| CVE-2021-31380 | 1 Juniper | 1 Session And Resource Control | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.
|
|||||
| CVE-2021-22957 | 1 Ui | 1 Unifi Protect | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account. This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later.
|
|||||
| CVE-2021-21532 | 1 Dell | 1 Wyse Thinos | 2024-11-21 | 5.8 MEDIUM | 5.0 MEDIUM |
|
Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file.
|
|||||