2066 matches found
CVE-2018-4145
Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 11.3, tvOS 11.3, watchOS 4.3, Safari 11.1, iTunes 12.7.4 for Windows, iCloud for Windows 7.4...
CVE-2018-4361
A memory consumption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7...
CVE-2009-4037
Multiple SQL injection vulnerabilities in FrontAccounting FA before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 admin/db/usersdb.inc, and various other .inc and .php files under 2 admin/, 3 dimensions/, 4 gl/, 5...
CVE-2021-22989
On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, when running in Appliance mode with Advanced WAF or BIG-IP ASM provisioned, the TMUI, also referred to as the Configuration utility,...
CVE-2021-22978
On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.5, and all 12.1.x and 11.6.x versions, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of BIG-IP if the victim user is...
CVE-2021-22975
On BIG-IP version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, and 14.1.x before 14.1.3.1, under some circumstances, Traffic Management Microkernel TMM may restart on the BIG-IP system while passing large bursts of traffic. Note: Software versions which have reached End of Software Development...
CVE-2021-22997
On all 7.x and 6.x versions fixed in 8.0.0, BIG-IQ HA ElasticSearch service does not implement any form of authentication for the clustering transport services, and all data used by ElasticSearch for transport is unencrypted. Note: Software versions which have reached End of Software Development...
CVE-2021-22999
On versions 15.0.x before 15.1.0 and 14.1.x before 14.1.4, the BIG-IP system provides an option to connect HTTP/2 clients to HTTP/1.x servers. When a client is slow to accept responses and it closes a connection prematurely, the BIG-IP system may indefinitely retain some streams unclosed. Note:...
CVE-2022-23016
On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS a...
CVE-2022-33683
Apache Pulsar Brokers and Proxies create an internal Pulsar Admin Client that does not verify peer TLS certificates, even when tlsAllowInsecureConnection is disabled via configuration. The Pulsar Admin Client's intra-cluster and geo-replication HTTPS connections are vulnerable to man in the middl...
CVE-2017-18648
An issue was discovered on Samsung mobile devices with KK4.4.x, L5.x, M6.x, and N7.x software. Arbitrary file read/write operations can occur in the locked state via a crafted MTP command. The Samsung ID is SVE-2017-10086 November 2017...
CVE-2017-18666
An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.x software. Applications can send arbitrary premium SMS messages. The Samsung ID is SVE-2017-8701 June 2017...
CVE-2017-18671
An issue was discovered on Samsung mobile devices with L5.0/5.1, M6.0, and N7.x software. Intents related to Wi-Fi have incorrect exception handling, leading to a crash of system processes. The Samsung ID is SVE-2017-8389 May 2017...
CVE-2019-20614
An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. Allshare allows attackers to access sensitive information. The Samsung ID is SVE-2018-13453 March 2019...
CVE-2019-20530
An issue was discovered on Samsung mobile devices with N7.1, O8.x, P9.0, and Q10.0 software. Arbitrary code execution is possible on the lock screen. The Samsung ID is SVE-2019-15266 December 2019...
CVE-2020-10854
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 January 2020...
CVE-2020-10852
An issue was discovered on Samsung mobile devices with O8.x, P9.0, and Q10.0 software. There is a stack overflow in display driver. The Samsung ID is SVE-2019-15877 January 2020...
CVE-2020-24664
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter...
CVE-2023-45653
Cross-Site Request Forgery CSRF vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin = 6.0 versions...
CVE-2022-37926
A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute...