Latest CVE Feed
-
4.0
MEDIUMCVE-2021-4016
Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or fi... Read more
Affected Products : insight_agent- Published: Jan. 21, 2022
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2013-2219
The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute.... Read more
- Published: Jul. 31, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2015-2535
Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machine accounts, aka "Active Directory Denial of Service Vul... Read more
- Published: Sep. 09, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2009-0922
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified encoding,... Read more
Affected Products : postgresql- Published: Mar. 17, 2009
- Modified: Apr. 09, 2025
-
4.0
MEDIUMCVE-2015-0391
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.... Read more
- Published: Jan. 21, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-0547
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restricti... Read more
Affected Products : documentum_d2- Published: Jul. 04, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2011-2511
Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call that triggers memory corruption.... Read more
Affected Products : libvirt- Published: Aug. 10, 2011
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2016-9749
IBM Campaign 9.1.0, 9.1.2, 10.0, and 10.1 could allow an authenticated user with access to the local network to bypass security due to lack of input validation. IBM X-Force ID: 120206.... Read more
Affected Products : campaign- Published: Nov. 09, 2018
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2011-0701
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachment_id parameter.... Read more
Affected Products : wordpress- Published: Mar. 14, 2011
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2021-20391
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.... Read more
- Published: May. 14, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2015-4040
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_edge_gateway +4 more products- Published: Sep. 17, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2007-4669
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.... Read more
- Published: Sep. 04, 2007
- Modified: Apr. 09, 2025
-
4.0
MEDIUMCVE-2021-20286
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.... Read more
- Published: Mar. 15, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2008-3991
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.08, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to OLAPSYS.CWM2_OLAP_AW_AWUTIL, a different vulnerability than CVE-2008-3990.... Read more
- Published: Oct. 14, 2008
- Modified: Apr. 09, 2025
-
4.0
MEDIUMCVE-2015-4870
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser.... Read more
Affected Products : ubuntu_linux fedora debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation leap enterprise_linux_server_aus enterprise_linux_server_tus mysql +5 more products- Published: Oct. 21, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2015-6491
Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via unspecified vectors.... Read more
- Published: Oct. 28, 2015
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an S... Read more
- Published: Apr. 14, 2014
- Modified: Apr. 12, 2025
-
4.0
MEDIUMCVE-2021-21781
An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak ke... Read more
- Published: Aug. 18, 2021
- Modified: Nov. 21, 2024
-
4.0
MEDIUMCVE-2013-4239
The xenDaemonListDefinedDomains function in xen/xend_internal.c in libvirt 1.1.1 allows remote authenticated users to cause a denial of service (memory corruption and crash) via vectors involving the virConnectListDefinedDomains API function.... Read more
Affected Products : libvirt- Published: Sep. 30, 2013
- Modified: Apr. 11, 2025
-
4.0
MEDIUMCVE-2013-2357
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360.... Read more
Affected Products : system_management_homepage- Published: Jul. 22, 2013
- Modified: Apr. 11, 2025