Latest CVE Feed
-
4.0
MEDIUMCVE-2015-8374
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.... Read more
Affected Products : linux_kernel- Published: Dec. 28, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2017-20191
A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Hand... Read more
Affected Products :- Published: Mar. 31, 2024
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2014-4244
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.... Read more
- Published: Jul. 17, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2013-0776
Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 40... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_eus opensuse +3 more products- Published: Feb. 19, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2013-1416
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of servic... Read more
- Published: Apr. 19, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-1442
Directory traversal vulnerability in Core FTP Server 1.2 before build 515 allows remote authenticated users to determine the existence of arbitrary files via a /../ sequence in an XCRC command.... Read more
Affected Products : core_ftp- Published: May. 02, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-0401
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.... Read more
- Published: Jan. 15, 2014
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2014-3528
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication r... Read more
- Published: Aug. 19, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves... Read more
Affected Products : fedora snapcenter e-series_santricity_os_controller e-series_santricity_web_services storage_replication_adapter_for_clustered_data_ontap vasa_provider_for_clustered_data_ontap virtual_storage_console solr autovue_for_agile_product_lifecycle_management communications_services_gatekeeper +13 more products- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-29671
IBM Spectrum Scale 5.1.0.1 could allow a local attacker to bypass the filesystem audit logging mechanism when file audit logging is enabled. IBM X-Force ID: 199478.... Read more
Affected Products : spectrum_scale- Published: Apr. 09, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-28376
ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.... Read more
Affected Products : chronoforums- Published: Jan. 12, 2022
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-24371
The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could... Read more
Affected Products : rsvpmaker- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2014-4338
cups-browsed in cups-filters before 1.0.53 allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a malformed cups-browsed.conf BrowseAllow directive that is interpreted as granting browse access to all... Read more
Affected Products : cups-filters- Published: Jun. 22, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-0432
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation mysql mariadb solaris linux_enterprise_server +4 more products- Published: Jan. 21, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2014-4287
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.... Read more
- Published: Oct. 15, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-3181
files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to b... Read more
Affected Products : moodle- Published: Jun. 01, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-6422
The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981.... Read more
Affected Products : unified_communications_domain_manager- Published: Dec. 14, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-0401
Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 and 11.1.1.7 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console.... Read more
Affected Products : fusion_middleware- Published: Jan. 21, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-7395
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Manag... Read more
Affected Products : maximo_asset_management maximo_for_life_sciences maximo_for_nuclear_power maximo_for_oil_and_gas maximo_for_transportation maximo_for_utilities smartcloud_control_desk change_and_configuration_management_database maximo_for_government tivoli_asset_management_for_it +1 more products- Published: Nov. 08, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2007-2700
The WLST script generated by the configToScript command in BEA WebLogic Express and WebLogic Server 9.0 and 9.1 does not encrypt certain attributes in configuration files when creating a new domain, which allows remote authenticated users to obtain sensit... Read more
Affected Products : weblogic_server- Published: May. 16, 2007
- Modified: Apr. 09, 2025