| Severity | Description | ||||||
|---|---|---|---|---|---|---|---|
| CVE-2021-43177 | Medium | 5.3 v3 | 0.8% | - | Fix available | 2022-04-11 | As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) |
| CVE-2021-40006 | Medium | 4.6 v3 | 0.1% | - | -No fix available yet | 2022-01-10 | Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2019-10059 | Medium | 5.3 v3 | 0.9% | - | -No fix available yet | 2019-08-28 | The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices. |
| CVE-2016-10933 | Medium | 5.9 v3 | 1.1% | - | -No fix available yet | 2019-08-26 | An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. |
| CVE-2016-10932 | Medium | 4.8 v3 | 0.7% | - | Fix available | 2019-08-26 | An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. |
| CVE-2015-9331 | High | 7.5 v3 | 1.4% | - | Fix available | 2019-08-20 | The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. |
| CVE-2015-9318 | High | 7.5 v3 | 1.4% | - | Fix available | 2019-08-20 | The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. |
| CVE-2019-15149 | Critical | 9.8 v3 | 1.6% | - | Fix available | 2019-08-18 | core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism |
| CVE-2016-10894 | Medium | 4.6 v3 | 0.4% | - | Fix available | 2019-08-16 | xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger). |
| CVE-2017-18480 | Medium | 6.5 v3 | 0.9% | - | Fix available | 2019-08-05 | cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210). |
| CVE-2017-18477 | Medium | 6.5 v3 | 0.9% | - | Fix available | 2019-08-05 | In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206). |
| CVE-2017-18476 | High | 7.5 v3 | 1.1% | - | Fix available | 2019-08-05 | Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205). |
| CVE-2016-10772 | Low | 3.3 v3 | 0.3% | - | Fix available | 2019-08-05 | cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). |
| CVE-2017-18467 | Medium | 4.3 v3 | 0.7% | - | Fix available | 2019-08-05 | cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229). |
| CVE-2017-18462 | High | 7.5 v3 | 0.9% | - | Fix available | 2019-08-05 | cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224). |
| CVE-2017-18445 | Medium | 4.3 v3 | 0.6% | - | Fix available | 2019-08-02 | cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249). |
| CVE-2017-18429 | Low | 3.3 v3 | 0.3% | - | Fix available | 2019-08-02 | In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291). |
| CVE-2017-8227 | Critical | 9.8 v3 | 4.1% | - | -No fix available yet | 2019-07-03 | Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification (which is supported by the same binary) then there is no account lockout or timeout executed. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that perfor |
| CVE-2017-11579 | High | 7.1 v3 | 1.6% | - | -No fix available yet | 2019-07-02 | In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is in vicinity of Wireless signal generated by the Blipcare device to easily sniff the credentials. Also, an attacker can connect to the open wireless network "Blip" exposed by the device and modify the HTTP response presented to the user by the device to execute other attacks such as convincing the user to download and |
| CVE-2017-13718 | High | 8.0 v3 | 2.1% | - | -No fix available yet | 2019-06-10 | The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called "rodman" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the to |
| CVE-2019-5495 | High | 7.5 v3 | 1.4% | - | Fix available | 2019-05-10 | OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors. |
| CVE-2019-11636 | High | 7.5 v3 | 2.2% | - | -No fix available yet | 2019-05-01 | Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack. |
| CVE-2014-1428 | Low | 2.0 v3 | 0.9% | - | Fix available | 2019-04-22 | A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2. |
| CVE-2011-3145 | Low | 3.8 v3 | 1.0% | - | Fix available | 2019-04-22 | When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private. |
| CVE-2016-10746 | High | 7.5 v3 | 2.1% | - | Fix available | 2019-04-18 | libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886. |
| CVE-2019-10741 | Medium | 4.3 v3 | 0.9% | - | -No fix available yet | 2019-04-07 | K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. The quoted part can contain conditional statements that show completely different text if opened in a different email client. This can be abused by an attacker to obtain valid S/MIME or PGP signatures for arbitrary content to be displayed to a third party. NOTE: the vendor states "We don't plan to take any action because of this." |
| CVE-2017-2752 | Low | 2.1 v3 | 0.5% | - | -No fix available yet | 2019-03-27 | A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue. |
| CVE-2017-2748 | High | 7.5 v3 | 1.9% | - | -No fix available yet | 2019-03-27 | A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue. |
| CVE-2017-2411 | Medium | 5.9 v3 | 0.7% | - | Fix available | 2019-01-11 | In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates. |
| CVE-2016-4642 | Medium | 5.9 v3 | 1.3% | - | Fix available | 2019-01-11 | In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings. |
| CVE-2018-6336 | High | 7.8 v3 | 0.5% | - | Fix available | 2018-12-31 | An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7 |
| CVE-2014-6050 | Medium | 5.3 v3 | 4.6% | - | Fix available | 2018-08-28 | phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request. |
| CVE-2016-8615 | Medium | 5.3 v3 | 4.5% | - | Fix available | 2018-08-01 | A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. |
| CVE-2016-9900 | High | 7.5 v3 | 9.9% | - | Fix available | 2018-06-11 | External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
| CVE-2016-9895 | Medium | 6.1 v3 | 1.8% | - | Fix available | 2018-06-11 | Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. |
| CVE-2016-9072 | High | 7.5 v3 | 1.3% | - | Fix available | 2018-06-11 | When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50. |
| CVE-2016-9071 | Medium | 5.3 v3 | 1.9% | - | Fix available | 2018-06-11 | Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50. |
| CVE-2018-0353 | High | 7.5 v3 | 3.9% | - | -No fix available yet | 2018-06-07 | A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. Th |
| CVE-2016-10552 | High | 7.4 v3 | 0.5% | - | -No fix available yet | 2018-05-31 | igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol. |
| CVE-2015-9243 | Medium | 5.9 v3 | 1.0% | - | Fix available | 2018-05-29 | When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`). |
| CVE-2016-10443 | Medium | 6.8 v3 | 0.7% | - | -No fix available yet | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, packet replay may be possible. |
| CVE-2014-10063 | High | 7.5 v3 | 0.7% | - | -No fix available yet | 2018-04-18 | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device. |
| CVE-2018-4863 | Medium | 5.5 v3 | 1.2% | - | -No fix available yet | 2018-04-05 | Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key. |
| CVE-2016-10717 | High | 7.8 v3 | 1.1% | - | -No fix available yet | 2018-03-21 | A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP. |
| CVE-2016-0274 | Medium | 5.4 v3 | 0.6% | - | -No fix available yet | 2018-03-09 | IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to conduct clickjacking attacks via a crafted web site. IBM X-Force ID: 111076. |
| CVE-2016-9568 | Critical | 9.8 v3 | 1.7% | - | -No fix available yet | 2018-02-19 | A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions. |
| CVE-2011-4889 | Critical | 9.8 v3 | 2.7% | - | Fix available | 2018-02-08 | The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581. |
| CVE-2009-5144 | High | 7.5 v3 | 0.9% | - | -No fix available yet | 2018-02-03 | mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate. |
| CVE-2015-1142857 | High | 8.6 v3 | 2.5% | - | -No fix available yet | 2018-01-23 | On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. |
| CVE-2018-0110 | High | 8.1 v3 | 1.4% | - | -No fix available yet | 2018-01-18 | A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741. |
- MediumCVSS 5.3 v3·EPSS 0.8%·Fix available
As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password (OTP) for one (and only one) immediately trailing interval. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
Published 2022-04-11
- MediumCVSS 4.6 v3·EPSS 0.1%·No fix yet
Vulnerability of design defects in the security algorithm component. Successful exploitation of this vulnerability may affect confidentiality.
Published 2022-01-10
- MediumCVSS 5.3 v3·EPSS 0.9%·No fix yet
The legacy finger service (TCP port 79) is enabled by default on various older Lexmark devices.
Published 2019-08-28
- MediumCVSS 5.9 v3·EPSS 1.1%·No fix yet
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP.
Published 2019-08-26
- MediumCVSS 4.8 v3·EPSS 0.7%·Fix available
An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted.
Published 2019-08-26
- HighCVSS 7.5 v3·EPSS 1.4%·Fix available
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit.
Published 2019-08-20
- HighCVSS 7.5 v3·EPSS 1.4%·Fix available
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies.
Published 2019-08-20
- CriticalCVSS 9.8 v3·EPSS 1.6%·Fix available
core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism
Published 2019-08-18
- MediumCVSS 4.6 v3·EPSS 0.4%·Fix available
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).
Published 2019-08-16
- MediumCVSS 6.5 v3·EPSS 0.9%·Fix available
cPanel before 62.0.4 does not enforce account ownership for has_mycnf_for_cpuser WHM API calls (SEC-210).
Published 2019-08-05
- MediumCVSS 6.5 v3·EPSS 0.9%·Fix available
In cPanel before 62.0.4, Exim transports could execute in the context of the nobody account (SEC-206).
Published 2019-08-05
- HighCVSS 7.5 v3·EPSS 1.1%·Fix available
Leech Protect in cPanel before 62.0.4 does not protect certain directories (SEC-205).
Published 2019-08-05
- CVSS 3.3 v3·EPSS 0.3%·Fix available
cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168).
Published 2019-08-05
- MediumCVSS 4.3 v3·EPSS 0.7%·Fix available
cPanel before 62.0.17 allows access to restricted resources because of a URL filtering error (SEC-229).
Published 2019-08-05
- HighCVSS 7.5 v3·EPSS 0.9%·Fix available
cPanel before 62.0.17 allows a CPHulk one-day ban bypass when IP based protection is enabled (SEC-224).
Published 2019-08-05
- MediumCVSS 4.3 v3·EPSS 0.6%·Fix available
cPanel before 64.0.21 does not enforce demo restrictions for SSL API calls (SEC-249).
Published 2019-08-02
- CVSS 3.3 v3·EPSS 0.3%·Fix available
In cPanel before 66.0.2, Apache HTTP Server SSL domain logs can persist on disk after an account termination (SEC-291).
Published 2019-08-02
- CriticalCVSS 9.8 v3·EPSS 4.1%·No fix yet
Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification (which is supported by the same binary) then there is no account lockout or timeout executed. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that perfor
Published 2019-07-03
- HighCVSS 7.1 v3·EPSS 1.6%·No fix yet
In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is in vicinity of Wireless signal generated by the Blipcare device to easily sniff the credentials. Also, an attacker can connect to the open wireless network "Blip" exposed by the device and modify the HTTP response presented to the user by the device to execute other attacks such as convincing the user to download and
Published 2019-07-02
- HighCVSS 8.0 v3·EPSS 2.1%·No fix yet
The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called "rodman" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the to
Published 2019-06-10
- HighCVSS 7.5 v3·EPSS 1.4%·Fix available
OnCommand Unified Manager for VMware vSphere, Linux and Windows prior to 9.5 shipped without certain HTTP Security headers configured which could allow an attacker to obtain sensitive information via unspecified vectors.
Published 2019-05-10
- HighCVSS 7.5 v3·EPSS 2.2%·No fix yet
Zcash 2.x allows an inexpensive approach to "fill all transactions of all blocks" and "prevent any real transaction from occurring" via a "Sapling Wood-Chipper" attack.
Published 2019-05-01
- CVSS 2.0 v3·EPSS 0.9%·Fix available
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.
Published 2019-04-22
- CVSS 3.8 v3·EPSS 1.0%·Fix available
When mount.ecrpytfs_private before version 87-0ubuntu1.2 calls setreuid() it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfs_private.
Published 2019-04-22
- HighCVSS 7.5 v3·EPSS 2.1%·Fix available
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
Published 2019-04-18
- MediumCVSS 4.3 v3·EPSS 0.9%·No fix yet
K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. The quoted part can contain conditional statements that show completely different text if opened in a different email client. This can be abused by an attacker to obtain valid S/MIME or PGP signatures for arbitrary content to be displayed to a third party. NOTE: the vendor states "We don't plan to take any action because of this."
Published 2019-04-07
- CVSS 2.1 v3·EPSS 0.5%·No fix yet
A potential security vulnerability caused by incomplete obfuscation of application configuration information was discovered in Tommy Hilfiger TH24/7 Android app versions 2.0.0.11, 2.0.1.14, 2.1.0.16, and 2.2.0.19. HP has no access to customer data as a result of this issue.
Published 2019-03-27
- HighCVSS 7.5 v3·EPSS 1.9%·No fix yet
A potential security vulnerability caused by the use of insecure (http) transactions during login has been identified with early versions of the Isaac Mizrahi Smartwatch mobile app. HP has no access to customer data as a result of this issue.
Published 2019-03-27
- MediumCVSS 5.9 v3·EPSS 0.7%·Fix available
In iOS before 11.2, exchange rates were retrieved from HTTP rather than HTTPS. This was addressed by enabling HTTPS for exchange rates.
Published 2019-01-11
- MediumCVSS 5.9 v3·EPSS 1.3%·Fix available
In iOS before 9.3.3, tvOS before 9.2.2, and OS X El Capitan before v10.11.6 and Security Update 2016-004, proxy authentication incorrectly reported HTTP proxies received credentials securely. This issue was addressed through improved warnings.
Published 2019-01-11
- HighCVSS 7.8 v3·EPSS 0.5%·Fix available
An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. This issue affects osquery prior to v3.2.7
Published 2018-12-31
- MediumCVSS 5.3 v3·EPSS 4.6%·Fix available
phpMyFAQ before 2.8.13 allows remote attackers to bypass the CAPTCHA protection mechanism by replaying the request.
Published 2018-08-28
- MediumCVSS 5.3 v3·EPSS 4.5%·Fix available
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
Published 2018-08-01
- HighCVSS 7.5 v3·EPSS 9.9%·Fix available
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Published 2018-06-11
- MediumCVSS 6.1 v3·EPSS 1.8%·Fix available
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
Published 2018-06-11
- HighCVSS 7.5 v3·EPSS 1.3%·Fix available
When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox < 50.
Published 2018-06-11
- MediumCVSS 5.3 v3·EPSS 1.9%·Fix available
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.
Published 2018-06-11
- HighCVSS 7.5 v3·EPSS 3.9%·No fix yet
A vulnerability in traffic-monitoring functions in Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to circumvent Layer 4 Traffic Monitor (L4TM) functionality and bypass security protections. The vulnerability is due to a change in the underlying operating system software that is responsible for monitoring affected traffic. An attacker could exploit this vulnerability by sending crafted IP packets to an affected device. A successful exploit could allow the attacker to pass traffic through the device, which the WSA was configured to deny. This vulnerability affects both IPv4 and IPv6 traffic. This vulnerability affects Cisco AsyncOS versions for WSA on both virtual and hardware appliances running any release of the 10.5.1, 10.5.2, or 11.0.0 WSA Software. Th
Published 2018-06-07
- HighCVSS 7.4 v3·EPSS 0.5%·No fix yet
igniteui 0.0.5 and earlier downloads JavaScript and CSS resources over insecure protocol.
Published 2018-05-31
- MediumCVSS 5.9 v3·EPSS 1.0%·Fix available
When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`).
Published 2018-05-29
- MediumCVSS 6.8 v3·EPSS 0.7%·No fix yet
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, packet replay may be possible.
Published 2018-04-18
- HighCVSS 7.5 v3·EPSS 0.7%·No fix yet
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device.
Published 2018-04-18
- MediumCVSS 5.5 v3·EPSS 1.2%·No fix yet
Sophos Endpoint Protection 10.7 allows local users to bypass an intended tamper protection mechanism by deleting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Sophos Endpoint Defense\ registry key.
Published 2018-04-05
- HighCVSS 7.8 v3·EPSS 1.1%·No fix yet
A vulnerability in the encryption and permission implementation of Malwarebytes Anti-Malware consumer version 2.2.1 and prior (fixed in 3.0.4) allows an attacker to take control of the whitelisting feature (exclusions.dat under %SYSTEMDRIVE%\ProgramData) to permit execution of unauthorized applications including malware and malicious websites. Files blacklisted by Malwarebytes Malware Protect can be executed, and domains blacklisted by Malwarebytes Web Protect can be reached through HTTP.
Published 2018-03-21
- MediumCVSS 5.4 v3·EPSS 0.6%·No fix yet
IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to conduct clickjacking attacks via a crafted web site. IBM X-Force ID: 111076.
Published 2018-03-09
- CriticalCVSS 9.8 v3·EPSS 1.7%·No fix yet
A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.
Published 2018-02-19
- CriticalCVSS 9.8 v3·EPSS 2.7%·Fix available
The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using Tivoli Directory Server, which might allow remote attackers to gain access to an application by leveraging knowledge of an old password. IBM X-Force ID: 72581.
Published 2018-02-08
- HighCVSS 7.5 v3·EPSS 0.9%·No fix yet
mod-gnutls does not validate client certificates when "GnuTLSClientVerify require" is set in a directory context, which allows remote attackers to spoof clients via a crafted certificate.
Published 2018-02-03
- HighCVSS 8.6 v3·EPSS 2.5%·No fix yet
On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected.
Published 2018-01-23
- HighCVSS 8.1 v3·EPSS 1.4%·No fix yet
A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to access the remote support account even after it has been disabled via the web application. The vulnerability is due to a design flaw in Cisco WebEx Meetings Server, which would not disable access to specifically configured user accounts, even after access had been disabled in the web application. An attacker could exploit this vulnerability by connecting to the remote support account, even after it had been disabled at the web application level. An exploit could allow the attacker to modify server configuration and gain access to customer data. Cisco Bug IDs: CSCvg46741.
Published 2018-01-18
Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.