Latest CVE Feed
-
4.0
MEDIUMCVE-2010-4334
The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not VERIFY_NONE, fails open to VERIFY_NONE instead of throwing an error when a ca_file/ca_path cannot be verified, which allows remote attackers to bypass intended certificate restrictions.... Read more
Affected Products : io-socket-ssl- EPSS Score: %0.56
- Published: Jan. 14, 2011
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-0834
IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 through 3.5.0.16 allows attackers to cause a denial of service (daemon crash) via crafted arguments to a setuid program.... Read more
Affected Products : general_parallel_file_system- EPSS Score: %0.69
- Published: Feb. 04, 2014
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-3316
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.... Read more
Affected Products : unified_communications_manager- EPSS Score: %0.51
- Published: Jul. 10, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2020-28923
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classe... Read more
Affected Products : play_framework- EPSS Score: %0.18
- Published: Dec. 03, 2020
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2005-3856
The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.... Read more
Affected Products : krusader- EPSS Score: %0.36
- Published: Nov. 27, 2005
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2014-3838
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts.... Read more
- EPSS Score: %0.13
- Published: Jun. 04, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-2366
upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code.... Read more
- EPSS Score: %0.25
- Published: Jul. 19, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-3132
SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.... Read more
Affected Products : background_processing- EPSS Score: %0.25
- Published: Apr. 30, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-3946
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.... Read more
Affected Products : typo3- EPSS Score: %0.15
- Published: Jun. 03, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-3318
Directory traversal vulnerability in dna/viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup76318.... Read more
Affected Products : unified_communications_manager- EPSS Score: %0.68
- Published: Jul. 10, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2024-3138
** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be... Read more
- Published: Apr. 01, 2024
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2013-5383
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382.... Read more
Affected Products : maximo_asset_management- EPSS Score: %0.23
- Published: Oct. 01, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2022-0317
An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR value... Read more
Affected Products : go-attestation- EPSS Score: %0.02
- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-38894
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM ... Read more
Affected Products : security_verify_access- EPSS Score: %0.09
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2019-4054
IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563.... Read more
Affected Products : qradar_security_information_and_event_manager- EPSS Score: %0.09
- Published: Jul. 17, 2019
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-37939
It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view. Using this vulnerability, a malicious user with the ability to creat... Read more
Affected Products : kibana- EPSS Score: %0.17
- Published: Nov. 18, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2014-1672
Check Point R75.47 Security Gateway and Management Server does not properly enforce Anti-Spoofing when the routing table is modified and the "Get - Interfaces with Topology" action is performed, which allows attackers to bypass intended access restriction... Read more
- EPSS Score: %0.26
- Published: Jan. 26, 2014
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2020-15279
An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external securi... Read more
Affected Products : endpoint_security_tools- EPSS Score: %0.11
- Published: May. 18, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2022-36866
Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.... Read more
- EPSS Score: %0.12
- Published: Sep. 09, 2022
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2015-4768
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, and 6.3.7 allows remote authenticated users to affect confidentiality via unknown ... Read more
Affected Products : supply_chain_products_suite- EPSS Score: %0.20
- Published: Jul. 16, 2015
- Modified: Apr. 12, 2025