Search Results (5684 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-1898 2 Citrix, Redhat 3 Xen, Enterprise Linux, Rhel Eus 2025-04-11 N/A
Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers."
CVE-2013-2175 4 Canonical, Debian, Haproxy and 1 more 6 Ubuntu Linux, Debian Linux, Haproxy and 3 more 2025-04-11 N/A
HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to use hdr_ip or other "hdr_*" functions with a negative occurrence count, allows remote attackers to cause a denial of service (negative array index usage and crash) via an HTTP header with a certain number of values, related to the MAX_HDR_HISTORY variable.
CVE-2012-2947 2 Debian, Digium 3 Debian Linux, Asterisk, Certified Asterisk 2025-04-11 N/A
chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold.
CVE-2011-4127 3 Linux, Redhat, Suse 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more 2025-04-11 N/A
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
CVE-2022-47037 1 Siklu 10 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 7 more 2025-04-10 7.5 High
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
CVE-2022-47634 1 Isode 1 M-link 2025-04-10 8.1 High
M-Link Archive Server in Isode M-Link R16.2v1 through R17.0 before R17.0v24 allows non-administrative users to access and manipulate archive data via certain HTTP endpoints, aka LINK-2867.
CVE-2022-4807 1 Usememos 1 Memos 2025-04-10 4.3 Medium
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4809 1 Usememos 1 Memos 2025-04-10 8.8 High
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4689 1 Usememos 1 Memos 2025-04-10 8.8 High
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0.
CVE-2024-37567 1 Infoblox 1 Nios 2025-04-10 9.1 Critical
Infoblox NIOS through 8.6.4 has Improper Access Control for Grids.
CVE-2024-37566 1 Infoblox 1 Nios 2025-04-10 9.8 Critical
Infoblox NIOS through 8.6.4 has Improper Authentication for Grids.
CVE-2022-4810 1 Usememos 1 Memos 2025-04-10 4.3 Medium
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-4814 1 Usememos 1 Memos 2025-04-10 4.3 Medium
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1.
CVE-2022-47543 1 Siren 1 Investigate 2025-04-10 5.3 Medium
An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects.
CVE-2022-38184 1 Esri 1 Portal For Arcgis 2025-04-10 7.5 High
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
CVE-2025-2973 1 Code-projects 1 College Management System 2025-04-10 6.3 Medium
A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0. This affects an unknown part of the file /Admin/student.php. The manipulation of the argument profile_image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-24486 2 Silex, Silextechnology 3 Ds-600 Firmware, Ds-600, Ds-600 Firmware 2025-04-10 9.1 Critical
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command.
CVE-2024-24487 2 Silex, Silextechnology 3 Ds-600 Firmware, Ds-600, Ds-600 Firmware 2025-04-10 6.8 Medium
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command.
CVE-2024-24485 2 Silex, Silextechnology 3 Ds-600 Firmware, Ds-600, Ds-600 Firmware 2025-04-10 7.5 High
An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command.
CVE-2022-4724 1 Ikus-soft 1 Rdiffweb 2025-04-09 9.8 Critical
Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5.