Total
1074 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2149 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
| Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to read log files from another namespace by using the same name as a previously deleted namespace when creating a new namespace. | ||||
| CVE-2015-0236 | 4 Canonical, Mageia, Opensuse and 1 more | 10 Ubuntu Linux, Mageia, Opensuse and 7 more | 2025-04-12 | N/A |
| libvirt before 1.2.12 allow remote authenticated users to obtain the VNC password by using the VIR_DOMAIN_XML_SECURE flag with a crafted (1) snapshot to the virDomainSnapshotGetXMLDesc interface or (2) image to the virDomainSaveImageGetXMLDesc interface. | ||||
| CVE-2016-5676 | 2 Netgear, Nuuo | 3 Readynas Surveillance, Nvrmini 2, Nvrsolo | 2025-04-12 | N/A |
| cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to reset the administrator password via a cmd=loaddefconfig action. | ||||
| CVE-2016-5420 | 4 Debian, Haxx, Opensuse and 1 more | 6 Debian Linux, Libcurl, Leap and 3 more | 2025-04-12 | N/A |
| curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. | ||||
| CVE-2014-0192 | 2 Redhat, Theforeman | 2 Satellite, Foreman | 2025-04-12 | N/A |
| Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof." | ||||
| CVE-2015-0245 | 2 Freedesktop, Opensuse | 2 Dbus, Opensuse | 2025-04-12 | N/A |
| D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. | ||||
| CVE-2016-5404 | 4 Fedoraproject, Freeipa, Oracle and 1 more | 4 Fedora, Freeipa, Linux and 1 more | 2025-04-12 | N/A |
| The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. | ||||
| CVE-2016-5799 | 1 Moxa | 7 Oncell G3001 Firmware, Oncell G3100v2, Oncell G3100v2 Firmware and 4 more | 2025-04-12 | N/A |
| Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not properly restrict authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2016-3703 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
| Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. | ||||
| CVE-2016-5788 | 1 Ge | 4 Bently Nevada 3500\/22m Serial, Bently Nevada 3500\/22m Serial Firmware, Bently Nevada 3500\/22m Usb and 1 more | 2025-04-12 | N/A |
| General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. | ||||
| CVE-2022-45874 | 1 Huawei | 2 Aslan-al10, Aslan-al10 Firmware | 2025-04-11 | 5.5 Medium |
| Huawei Aslan Children's Watch has an improper authorization vulnerability. Successful exploit could allow the attacker to access certain file. | ||||
| CVE-2013-2113 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2025-04-11 | N/A |
| The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role. | ||||
| CVE-2013-1865 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Folsom, Openstack | 2025-04-11 | N/A |
| OpenStack Keystone Folsom (2012.2) does not properly perform revocation checks for Keystone PKI tokens when done through a server, which allows remote attackers to bypass intended access restrictions via a revoked PKI token. | ||||
| CVE-2022-24894 | 1 Sensiolabs | 1 Symfony | 2025-04-10 | 5.9 Medium |
| Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4. | ||||
| CVE-2022-4804 | 1 Usememos | 1 Memos | 2025-04-10 | 5.3 Medium |
| Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4688 | 1 Usememos | 1 Memos | 2025-04-09 | 8.8 High |
| Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2022-4868 | 1 Froxlor | 1 Froxlor | 2025-04-09 | 4.3 Medium |
| Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | ||||
| CVE-2025-1806 | 2025-04-09 | 4.3 Medium | ||
| A vulnerability, which was classified as problematic, has been found in Eastnets PaymentSafe 2.5.26.0. Affected by this issue is some unknown functionality of the file /Default.aspx of the component URL Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.27.0 is able to address this issue. | ||||
| CVE-2025-2638 | 1 Jizhicms | 1 Jizhicms | 2025-04-02 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2637 | 1 Jizhicms | 1 Jizhicms | 2025-04-02 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. Affected by this issue is some unknown functionality of the file /user/userinfo.html of the component Account Profile Page. The manipulation of the argument jifen leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||