Latest CVE Feed
-
4.0
MEDIUMCVE-2021-25342
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.... Read more
- Published: Mar. 04, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-28163
In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves... Read more
Affected Products : fedora snapcenter e-series_santricity_os_controller e-series_santricity_web_services storage_replication_adapter_for_clustered_data_ontap vasa_provider_for_clustered_data_ontap virtual_storage_console solr autovue_for_agile_product_lifecycle_management communications_services_gatekeeper +13 more products- Published: Apr. 01, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2010-2759
Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2, when PostgreSQL is used, does not properly handle large integers in (1) bug and (2) attachment phrases, which allows remote authenticated users to cause a deni... Read more
Affected Products : bugzilla- Published: Aug. 16, 2010
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2013-1416
The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of servic... Read more
- Published: Apr. 19, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2005-3527
Race condition in do_coredump in signal.c in Linux kernel 2.6 allows local users to cause a denial of service by triggering a core dump in one thread while another thread has a pending SIGSTOP.... Read more
Affected Products : linux_kernel- Published: Nov. 09, 2005
- Modified: Apr. 03, 2025
-
4.0
MEDIUMCVE-2021-24371
The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could... Read more
Affected Products : rsvpmaker- Published: Aug. 02, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2010-3682
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NUL... Read more
- Published: Jan. 11, 2011
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2021-2326
Vulnerability in the Database Vault component of Oracle Database Server. Supported versions that are affected are 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to... Read more
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2012-1680
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Apps - Multi-channel Technologies.... Read more
Affected Products : siebel_crm- Published: Jan. 17, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2012-4731
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.... Read more
Affected Products : rtfm- Published: Nov. 11, 2012
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2021-2308
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple... Read more
Affected Products : active_iq_unified_manager mysql oncommand_insight oncommand_workflow_automation snapcenter mysql_server- Published: Apr. 22, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2017-3318
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high priv... Read more
- Published: Jan. 27, 2017
- Modified: Apr. 20, 2025
-
4.0
MEDIUMCVE-2012-1964
The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before ... Read more
- Published: Jul. 18, 2012
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2012-2133
Use-after-free vulnerability in the Linux kernel before 3.3.6, when huge pages are enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges by interacting with a hugetlbfs filesystem, as demonstrated by a umount ... Read more
Affected Products : linux_kernel- Published: Jul. 03, 2012
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2017-3317
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker... Read more
- Published: Jan. 27, 2017
- Modified: Apr. 20, 2025
-
4.0
MEDIUMCVE-2017-18824
Certain NETGEAR devices are affected by directory traversal. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15,... Read more
- Published: Apr. 20, 2020
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2021-26400
AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.... Read more
- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2018-2916
Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: API frameworks). The supported version that is affected is Prior to 8.7.18. Easily exploitable vulnerability allows high privileged attac... Read more
- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2011-0856
Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.49 GA through 8.49.30, 8.50 GA through 8.50.17, and 8.51 GA through 8.51.07 allows remote authenticated users to affect confidentiality via unknown vectors.... Read more
- Published: Apr. 20, 2011
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2018-14023
Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.... Read more
- Published: Aug. 20, 2018
- Modified: Nov. 21, 2024