Total
316 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-0262 | 1 Cisco | 1 Meeting Server | 2024-11-29 | N/A |
| A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote Code Execution. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files as well as sensitive meeting information on an affected system. Additionally, if the Traversal Using Relay NAT (TURN) service is enabled and utilizing Transport Layer Security (TLS) connections, an attacker could utilize TURN credentials to forward traffic to device daemons, allowing for remote exploitation. This vulnerability affects Cisco Meeting Server (CMS) Acano X-series platforms that are running a CMS Software release prior to 2.2.11. Cisco Bug IDs: CSCvg76469. | ||||
| CVE-2018-0263 | 1 Cisco | 1 Meeting Server | 2024-11-29 | 7.4 High |
| A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471. | ||||
| CVE-2018-15386 | 1 Cisco | 1 Digital Network Architecture Center | 2024-11-26 | 9.8 Critical |
| A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an unauthenticated, remote attacker to bypass authentication and have direct unauthorized access to critical management functions. The vulnerability is due to an insecure default configuration of the affected system. An attacker could exploit this vulnerability by directly connecting to the exposed services. An exploit could allow the attacker to retrieve and modify critical system files. | ||||
| CVE-2018-15448 | 1 Cisco | 1 Registered Envelope Service | 2024-11-26 | 7.5 High |
| A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to an insecure configuration that allows improper indexing. An attacker could exploit this vulnerability by using a search engine to look for specific data strings. A successful exploit could allow the attacker to discover certain sensitive information about the application, including usernames. | ||||
| CVE-2023-43088 | 1 Dell | 2 Precision 7865 Tower, Precision 7865 Tower Firmware | 2024-11-21 | 7.2 High |
| Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | ||||
| CVE-2023-39392 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten. | ||||
| CVE-2023-39385 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.1 Critical |
| Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access. | ||||
| CVE-2023-33076 | 1 Qualcomm | 302 Aqt1000, Aqt1000 Firmware, Ar8035 and 299 more | 2024-11-21 | 5.9 Medium |
| Memory corruption in Core when updating rollback version for TA and OTA feature is enabled. | ||||
| CVE-2022-37397 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | 8.3 High |
| An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password. | ||||
| CVE-2022-36423 | 2 Openatom, Openharmony | 2 Openharmony, Openharmony | 2024-11-21 | 7.4 High |
| OpenHarmony-v3.1.2 and prior versions have an incorrect configuration of the cJSON library, which leads a Stack overflow vulnerability during recursive parsing. LAN attackers can lead a DoS attack to all network devices. | ||||
| CVE-2022-33233 | 1 Qualcomm | 402 Apq8009, Apq8009 Firmware, Apq8009w and 399 more | 2024-11-21 | 7.8 High |
| Memory corruption due to configuration weakness in modem wile sending command to write protected files. | ||||
| CVE-2022-29095 | 1 Dell | 2 Supportassist For Business Pcs, Supportassist For Home Pcs | 2024-11-21 | 8.3 High |
| Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. | ||||
| CVE-2022-28762 | 1 Zoom | 1 Meetings | 2024-11-21 | 7.3 High |
| Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. | ||||
| CVE-2022-22183 | 1 Juniper | 1 Junos Os Evolved | 2024-11-21 | 7.5 High |
| An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS. | ||||
| CVE-2021-35233 | 1 Solarwinds | 1 Kiwi Syslog Server | 2024-11-21 | 5.3 Medium |
| The HTTP TRACK & TRACE methods were enabled in Kiwi Syslog Server 9.7.1 and earlier. These methods are intended for diagnostic purposes only. If enabled, the web server will respond to requests that use these methods by returning exact HTTP request that was received in the response to the client. This may lead to the disclosure of sensitive information such as internal authentication headers appended by reverse proxies. | ||||
| CVE-2021-31381 | 1 Juniper | 1 Session And Resource Control | 2024-11-21 | 6.5 Medium |
| A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete files which may allow the attacker to disrupt the integrity and availability of the system. | ||||
| CVE-2021-31380 | 1 Juniper | 1 Session And Resource Control | 2024-11-21 | 5.3 Medium |
| A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information. | ||||
| CVE-2021-22957 | 1 Ui | 1 Unifi Protect | 2024-11-21 | 8.8 High |
| A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later. | ||||
| CVE-2021-21532 | 1 Dell | 1 Wyse Thinos | 2024-11-21 | 5 Medium |
| Dell Wyse ThinOS 8.6 MR9 contains remediation for an improper management server validation vulnerability that could be potentially exploited to redirect a client to an attacker-controlled management server, thus allowing the attacker to change the device configuration or certificate file. | ||||
| CVE-2021-20032 | 1 Sonicwall | 1 Analytics | 2024-11-21 | 9.8 Critical |
| SonicWall Analytics 2.5 On-Prem is vulnerable to Java Debug Wire Protocol (JDWP) interface security misconfiguration vulnerability which potentially leads to Remote Code Execution. This vulnerability impacts Analytics On-Prem 2.5.2518 and earlier. | ||||