Search Results (4437 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2351 2 Debian, Mahara 2 Debian Linux, Mahara 2025-04-11 N/A
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.
CVE-2010-4478 1 Openbsd 1 Openssh 2025-04-11 N/A
OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a related issue to CVE-2010-4252.
CVE-2012-3416 2 Condor Project, Redhat 2 Condor, Enterprise Mrg 2025-04-11 N/A
Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.
CVE-2013-1858 1 Linux 1 Linux Kernel 2025-04-11 N/A
The clone system-call implementation in the Linux kernel before 3.8.3 does not properly handle a combination of the CLONE_NEWUSER and CLONE_FS flags, which allows local users to gain privileges by calling chroot and leveraging the sharing of the / directory between a parent process and a child process.
CVE-2013-7293 1 Asus 1 Wl-330nul 2025-04-11 N/A
The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.
CVE-2013-4213 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform 2025-04-11 N/A
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.
CVE-2012-5519 3 Apple, Debian, Redhat 3 Cups, Debian Linux, Enterprise Linux 2025-04-11 N/A
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
CVE-2013-4316 2 Apache, Oracle 4 Struts, Flexcube Private Banking, Mysql Enterprise Monitor and 1 more 2025-04-11 N/A
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors.
CVE-2022-47037 1 Siklu 10 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 7 more 2025-04-10 7.5 High
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
CVE-2024-51954 3 Esri, Linux, Microsoft 3 Arcgis Server, Linux Kernel, Windows 2025-04-10 8.5 High
There is an improper access control issue in ArcGIS Server versions 11.3 and below on Windows and Linux, which under unique circumstances, could potentially allow a remote, low privileged authenticated attacker to access secure services published a standalone (Unfederated) ArcGIS Server instance.  If successful this compromise would have a high impact on Confidentiality, low impact on integrity and no impact to availability of the software.
CVE-2022-47634 1 Isode 1 M-link 2025-04-10 8.1 High
M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.
CVE-2022-4807 1 Usememos 1 Memos 2025-04-10 4.3 Medium
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4809 1 Usememos 1 Memos 2025-04-10 8.8 High
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4689 1 Usememos 1 Memos 2025-04-10 8.8 High
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
CVE-2024-37567 1 Infoblox 1 Nios 2025-04-10 9.1 Critical
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids.
CVE-2024-37566 1 Infoblox 1 Nios 2025-04-10 9.8 Critical
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.
CVE-2022-4810 1 Usememos 1 Memos 2025-04-10 4.3 Medium
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4814 1 Usememos 1 Memos 2025-04-10 4.3 Medium
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-47543 1 Siren 1 Investigate 2025-04-10 5.3 Medium
An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects.
CVE-2022-38184 1 Esri 1 Portal For Arcgis 2025-04-10 7.5 High
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.