Search Results (5691 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-7293 1 Asus 1 Wl-330nul 2025-04-11 N/A
The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.
CVE-2011-2528 2 Plone, Zope 3 Plone, Plone Hotfix 20110720, Zope 2025-04-11 N/A
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
CVE-2012-3416 2 Condor Project, Redhat 2 Condor, Enterprise Mrg 2025-04-11 N/A
Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.
CVE-2012-1327 1 Cisco 1 Ios 2025-04-11 N/A
dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391.
CVE-2011-0720 2 Plone, Redhat 4 Plone, Conga, Luci and 1 more 2025-04-11 N/A
Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
CVE-2013-2175 4 Canonical, Debian, Haproxy and 1 more 6 Ubuntu Linux, Debian Linux, Haproxy and 3 more 2025-04-11 N/A
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
CVE-2011-4127 3 Linux, Redhat, Suse 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more 2025-04-11 N/A
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
CVE-2010-4252 1 Openssl 1 Openssl 2025-04-11 N/A
OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol.
CVE-2012-4411 1 Xen 1 Xen 2025-04-11 N/A
The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998.
CVE-2012-2947 2 Debian, Digium 3 Debian Linux, Asterisk, Certified Asterisk 2025-04-11 N/A
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
CVE-2022-47037 1 Siklu 10 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 7 more 2025-04-10 7.5 High
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
CVE-2022-47634 1 Isode 1 M-link 2025-04-10 8.1 High
M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.
CVE-2022-4807 1 Usememos 1 Memos 2025-04-10 4.3 Medium
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4809 1 Usememos 1 Memos 2025-04-10 8.8 High
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4689 1 Usememos 1 Memos 2025-04-10 8.8 High
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
CVE-2024-37567 1 Infoblox 1 Nios 2025-04-10 9.1 Critical
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids.
CVE-2024-37566 1 Infoblox 1 Nios 2025-04-10 9.8 Critical
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.
CVE-2022-4810 1 Usememos 1 Memos 2025-04-10 4.3 Medium
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4814 1 Usememos 1 Memos 2025-04-10 4.3 Medium
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-47543 1 Siren 1 Investigate 2025-04-10 5.3 Medium
An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects.