Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Angry Yack Logo
Total 34640 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3949 1 Ffmpeg 1 Ffmpeg 2025-04-11 6.8 MEDIUM N/A
The dirac_unpack_idwt_params function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Dirac data.
CVE-2013-1384 1 Adobe 1 Shockwave Player 2025-04-11 10.0 HIGH N/A
Adobe Shockwave Player before 12.0.2.122 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-1386.
CVE-2012-0533 1 Oracle 1 Peoplesoft Products 2025-04-11 4.0 MEDIUM N/A
Unspecified vulnerability in the PeopleSoft Enterprise FCSM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Receivables.
CVE-2011-0833 1 Oracle 1 Siebel Crm 2025-04-11 4.3 MEDIUM N/A
Unspecified vulnerability in the Siebel CRM Core component in Oracle Siebel CRM 7.8.2, 8.0.0, and 8.1.1 allows remote attackers to affect integrity, related to UIF Client.
CVE-2013-3760 1 Oracle 1 Database Server 2025-04-11 7.2 HIGH N/A
Unspecified vulnerability in the Oracle executable component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-3771.
CVE-2012-5674 1 Adobe 1 Coldfusion 2025-04-11 7.1 HIGH N/A
Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when Internet Information Services (IIS) is used, allows attackers to cause a denial of service via unknown vectors.
CVE-2013-5867 1 Oracle 1 Siebel Crm 2025-04-11 5.0 MEDIUM N/A
Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via vectors related to SISNAPI & Network Infrastructure.
CVE-2013-0765 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Seamonkey and 1 more 2025-04-11 9.3 HIGH N/A
Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 do not prevent multiple wrapping of WebIDL objects, which allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-1534 1 Oracle 1 Database Server 2025-04-11 10.0 HIGH N/A
Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC configurations, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2010-2308 1 Sophos 1 Anti-virus 2025-04-11 7.2 HIGH N/A
Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function.
CVE-2012-3271 1 Hp 2 Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware 2025-04-11 9.3 HIGH N/A
Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with firmware before 1.13 allows remote attackers to obtain sensitive information via unknown vectors.
CVE-2010-1943 1 Nec 1 Capsuite Patchmeister 2025-04-11 7.8 HIGH N/A
Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister 2.0 Update2 and earlier allows remote attackers to cause a denial of service (OS shutdown or restart) via vectors related to Client Service for PTM and crafted packets to port 56015.
CVE-2013-2461 2 Oracle, Sun 5 Jdk, Jre, Jrockit and 2 more 2025-04-11 7.5 HIGH N/A
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier; the Oracle JRockit component in Oracle Fusion Middleware R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June and July 2013 CPU. Oracle has not commented on claims from another ve ...

Show More

CVE-2012-0557 1 Oracle 1 Fusion Middleware 2025-04-11 7.5 HIGH N/A
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows remote attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK, a different vulnerability than CVE-2012-0554, CVE-2012-0555, and CVE-2012-0556.
CVE-2013-0413 1 Sun 1 Sunos 2025-04-11 4.4 MEDIUM N/A
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service.
CVE-2010-1348 1 Ibm 1 Websphere Portal 2025-04-11 7.5 HIGH N/A
Unspecified vulnerability in the login process in IBM WebSphere Portal 6.0.1.1, and 6.1.0.x before 6.1.0.3 Cumulative Fix 03, has unknown impact and remote attack vectors.
CVE-2011-2957 1 Rockwellautomation 1 Factorytalk Diagnostics Viewer 2025-04-11 6.9 MEDIUM N/A
Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.ftd) configuration file, which triggers memory corruption.
CVE-2012-3330 1 Ibm 1 Websphere Application Server 2025-04-11 5.0 MEDIUM N/A
The proxy server in IBM WebSphere Application Server 7.0 before 7.0.0.27, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1, and WebSphere Virtual Enterprise, allows remote attackers to cause a denial of service (daemon outage) via a crafted request.
CVE-2022-24894 1 Sensiolabs 1 Symfony 2025-04-10 N/A 5.9 MEDIUM
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the ...

Show More

CVE-2023-39520 1 Cryptomator 1 Cryptomator 2025-04-10 N/A 5.5 MEDIUM
Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell ...

Show More

CVE-2023-37266 1 Icewhale 1 Casaos 2025-04-10 N/A 9.8 CRITICAL
CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly ...

Show More

CVE-2022-31766 1 Siemens 32 Ruggedcom Rm1224, Ruggedcom Rm1224 Firmware, Scalance M804pb and 29 more 2025-04-10 N/A 8.6 HIGH
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.1.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V7.1.2), SCALANCE M816-1 ADSL-Router ...

Show More

CVE-2024-33552 1 8theme 1 Xstore Core 2025-04-10 N/A 9.8 CRITICAL
Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8.
CVE-2024-3789 1 Whitebearsolutions 1 Wbsairback 2025-04-10 N/A 6.5 MEDIUM
Uncontrolled resource consumption vulnerability in White Bear Solutions WBSAirback, version 21.02.04. This vulnerability could allow an attacker to send multiple command injection payloads to influence the amount of resources consumed.
CVE-2024-1436 1 Wiloke 1 Myshopkit 2025-04-10 N/A 5.3 MEDIUM
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit.This issue affects WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit: from n/a through 1.0.9.
CVE-2023-45593 1 Ailux 1 Imx6 2025-04-10 N/A 6.8 MEDIUM
A CWE-184 “Incomplete List of Disallowed Inputs” vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than “ http://localhost” ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVE-2022-47634 1 Isode 1 M-link 2025-04-10 N/A 8.1 HIGH
M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.
CVE-2022-45213 1 Perfsonar 1 Perfsonar 2025-04-10 N/A 5.3 MEDIUM
perfSONAR before 4.4.6 inadvertently supports the parse option for a file:// URL.
CVE-2023-41665 1 Givewp 1 Givewp 2025-04-10 N/A 8.8 HIGH
Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0.
CVE-2024-21028 1 Oracle 1 Complex Maintenance Repair And Overhaul 2025-04-10 N/A 6.1 MEDIUM
Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Ove ...

Show More

CVE-2024-25644 1 Sap 1 Netweaver 2025-04-10 N/A 5.3 MEDIUM
Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.
CVE-2025-25281 1 Outbackpower 2 Mojave Inverter Oghi8048a, Mojave Inverter Oghi8048a Firmware 2025-04-10 N/A 7.5 HIGH
An attacker may modify the URL to discover sensitive information about the target network.
CVE-2024-21149 1 Oracle 1 Enterprise Asset Management 2025-04-10 N/A 8.1 HIGH
Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Work Definition Issues). Supported versions that are affected are 12.2.11-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Asset Management ...

Show More

CVE-2023-33140 1 Microsoft 1 Onenote 2025-04-10 N/A 6.5 MEDIUM
Microsoft OneNote Spoofing Vulnerability
CVE-2024-36389 2 Canonical, Milesight 2 Ubuntu Linux, Devicehub 2025-04-10 N/A 9.8 CRITICAL
MileSight DeviceHub - CWE-330 Use of Insufficiently Random Values may allow Authentication Bypass
CVE-2024-21048 1 Oracle 1 Web Applications Desktop Integrator 2025-04-10 N/A 4.3 MEDIUM
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: XML input). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Ba ...

Show More

CVE-2024-21141 1 Oracle 1 Vm Virtualbox 2025-04-10 N/A 8.2 HIGH
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in ...

Show More

CVE-2022-43528 1 Arubanetworks 1 Aruba Edgeconnect Enterprise Orchestrator 2025-04-10 N/A 4.8 MEDIUM
Under certain configurations, an attacker can login to Aruba EdgeConnect Enterprise Orchestrator without supplying a multi-factor authentication code. Successful exploitation allows an attacker to login using only a username and password and successfully bypass MFA requirements in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator ...

Show More

CVE-2022-43539 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-10 N/A 5.7 MEDIUM
A vulnerability exists in the ClearPass Policy Manager cluster communications that allow for an attacker in a privileged network position to potentially obtain sensitive information. A successful exploit could allow an attacker to retrieve information that allows for unauthorized actions as a privileged user on the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below ...

Show More

CVE-2025-30361 1 Wegia 1 Wegia 2025-04-10 N/A 9.8 CRITICAL
WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old password. This issue exists in the control.php endpoint and allows unauthorized attackers to bypass authentication and authorization mechanisms to reset the password of any user, including admin accounts. Version 3.2.6 fixes the issue.