Total
653 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-11010 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.3 Medium |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates. | ||||
| CVE-2016-11009 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.3 Medium |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates. | ||||
| CVE-2016-11008 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.3 Medium |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates. | ||||
| CVE-2016-11007 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.3 Medium |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval. | ||||
| CVE-2016-11006 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-11-21 | 5.3 Medium |
| The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes. | ||||
| CVE-2016-10840 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
| cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72). | ||||
| CVE-2015-9550 | 1 Totolink | 16 A850r-v1, A850r-v1 Firmware, F1-v2 and 13 more | 2024-11-21 | 7.5 High |
| An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface. | ||||
| CVE-2015-10004 | 1 Json Web Token Project | 1 Json Web Token | 2024-11-21 | 7.5 High |
| Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC. | ||||
| CVE-2014-2387 | 3 Debian, Opensuse, Pen Project | 3 Debian Linux, Opensuse, Pen | 2024-11-21 | 4.4 Medium |
| Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities | ||||
| CVE-2014-0023 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.8 High |
| OpenShift: Install script has temporary file creation vulnerability which can result in arbitrary code execution | ||||
| CVE-2013-4561 | 1 Redhat | 1 Openshift | 2024-11-21 | 9.1 Critical |
| In a openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. | ||||
| CVE-2013-4480 | 2 Redhat, Suse | 5 Network Satellite, Satellite, Satellite With Embedded Oracle and 2 more | 2024-11-21 | N/A |
| Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | ||||
| CVE-2013-4374 | 1 Redhat | 2 Jboss Operations Network, Rhq Mongo Db Drift Server | 2024-11-21 | 7.1 High |
| An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. | ||||
| CVE-2013-4280 | 1 Redhat | 3 Enterprise Virtualization, Storage, Virtual Desktop Server Manager | 2024-11-21 | 5.5 Medium |
| Insecure temporary file vulnerability in RedHat vsdm 4.9.6. | ||||
| CVE-2013-4253 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.5 High |
| The deployment script in the unsupported "OpenShift Extras" set of add-on scripts, in Red Hat Openshift 1, installs a default public key in the root user's authorized_keys file. | ||||
| CVE-2013-2183 | 1 Monkey-project | 1 Monkey | 2024-11-21 | 7.1 High |
| Monkey HTTP Daemon has local security bypass | ||||
| CVE-2013-0163 | 1 Redhat | 1 Openshift | 2024-11-21 | 5.5 Medium |
| OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS | ||||
| CVE-2012-1846 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code." | ||||
| CVE-2011-1960 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2024-11-21 | N/A |
| Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability." | ||||
| CVE-2011-1258 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2024-11-21 | N/A |
| Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." | ||||