Latest CVE Feed
-
4.3
MEDIUMCVE-2018-2675
Vulnerability in the Java Advanced Management Console component of Oracle Java SE (subcomponent: Server). The supported version that is affected is Java Advanced Management Console: 2.8. Difficult to exploit vulnerability allows unauthenticated attacker w... Read more
- Published: Jan. 18, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-1902
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to spoof connection information which could be used to launch further attacks against the system. IBM X-Force ID: 152531.... Read more
Affected Products : websphere_application_server- Published: Mar. 11, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-15430
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.... Read more
Affected Products : chrome- Published: Aug. 28, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-15546
The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database.... Read more
- Published: Jan. 25, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2017-15528
Prior to v 7.6, the Install Norton Security (INS) product can be susceptible to a certificate spoofing vulnerability, which is a type of attack whereby a maliciously procured certificate binds the public key of an attacker to the domain name of the target... Read more
Affected Products : install_norton_security- Published: Nov. 22, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2024-47554
Uncontrolled Resource Consumption vulnerability in Apache Commons IO. The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input. This issue affects Apache Commons IO: from 2.0 ... Read more
- Published: Oct. 03, 2024
- Modified: Jul. 10, 2025
-
4.3
MEDIUMCVE-2024-43208
Missing Authorization vulnerability in Miller Media ( Matt Miller ) Send Emails with Mandrill allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Send Emails with Mandrill: from n/a through 1.4.1.... Read more
Affected Products :- Published: Nov. 01, 2024
- Modified: Nov. 01, 2024
-
4.3
MEDIUMCVE-2016-9735
IBM Jazz Foundation could allow an authenticated user to obtain sensitive information from stack traces. IBM X-Force ID: 119781,... Read more
- Published: May. 15, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2016-9592
openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a flaw when a volume fails to detach, which causes the delete operation to fail with 'VolumeInUse' error. Since the delete operation is retried every 30 seconds for each volume, this could... Read more
- Published: Apr. 16, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2024-43196
IBM OpenPages with Watson 8.3 and 9.0 application could allow an authenticated user to manipulate data in the Questionnaires application allowing the user to spoof other users' responses.... Read more
- Published: Feb. 20, 2025
- Modified: Mar. 11, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2024-44244
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1, visionOS 2.1, tvOS 18.1, macOS Sequoia 15.1, Safari 18.1. Processing maliciously crafted web content may lead to an unex... Read more
- Published: Oct. 28, 2024
- Modified: Dec. 06, 2024
-
4.3
MEDIUMCVE-2016-9462
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whether a user has only read-only access to a share. Thus a u... Read more
- Published: Mar. 28, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2017-16804
In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function in app/models/mailer.rb does not check whether an issue is visible, which allows remote authenticated users to obtain sensitive information by reading e-mail reminder messages.... Read more
- Published: Nov. 13, 2017
- Modified: Apr. 20, 2025
-
4.3
MEDIUMCVE-2012-5977
Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and 11.x before 11.1.2; Certified Asterisk 1.8.11 before 1.8.11-cert10; and Asterisk Digiumphones 10.x-digiumphones before 10.11.1-digiumphones, when anonymous calls are enabled, allow remot... Read more
- Published: Jan. 04, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2012-3437
The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG file that triggers inc... Read more
Affected Products : imagemagick- Published: Aug. 07, 2012
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2017-17185
Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a out-of-bounds read vulnerability. Due to ... Read more
Affected Products : dp300_firmware te60_firmware rp200_firmware te30_firmware te40_firmware te50_firmware te30 te40 te50 te60 +2 more products- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2013-0342
The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.... Read more
Affected Products : pyrad- Published: Dec. 09, 2019
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2018-2678
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulne... Read more
- Published: Jan. 18, 2018
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2013-0215
oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon crash and host-control outage, or memory consumption) o... Read more
Affected Products : xen- Published: Mar. 07, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2013-0298
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_... Read more
- Published: Mar. 14, 2014
- Modified: Apr. 12, 2025