Total
261 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2001-1452 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2024-02-08 | 7.5 High |
By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses. | ||||
CVE-2000-1218 | 1 Microsoft | 5 Windows 2000, Windows 98, Windows 98se and 2 more | 2024-02-08 | 9.8 Critical |
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache. | ||||
CVE-1999-1549 | 1 Lynx Project | 1 Lynx | 2024-02-08 | 7.8 High |
Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands. | ||||
CVE-2005-0877 | 1 Thekelleys | 1 Dnsmasq | 2024-02-08 | 7.5 High |
Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq. | ||||
CVE-2003-0174 | 1 Sgi | 1 Irix | 2024-02-08 | 9.8 Critical |
The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password. | ||||
CVE-2023-5859 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-01-31 | 4.3 Medium |
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) | ||||
CVE-2023-5858 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-01-31 | 4.3 Medium |
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | ||||
CVE-2023-5853 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-01-31 | 4.3 Medium |
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-5851 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-01-31 | 4.3 Medium |
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-47199 | 1 Trendmicro | 1 Apex One | 2024-01-30 | 7.8 High |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47193. | ||||
CVE-2023-47197 | 1 Trendmicro | 1 Apex One | 2024-01-30 | 7.8 High |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47198. | ||||
CVE-2023-47196 | 1 Trendmicro | 1 Apex One | 2024-01-30 | 7.8 High |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47197. | ||||
CVE-2023-47195 | 1 Trendmicro | 1 Apex One | 2024-01-30 | 7.8 High |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47196. | ||||
CVE-2023-47194 | 1 Trendmicro | 1 Apex One | 2024-01-30 | 7.8 High |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47195. | ||||
CVE-2023-47193 | 1 Trendmicro | 1 Apex One | 2024-01-30 | 7.8 High |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47194. | ||||
CVE-2023-47198 | 1 Trendmicro | 1 Apex One | 2024-01-30 | 7.8 High |
An origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47199. | ||||
CVE-2023-47200 | 1 Trendmicro | 1 Apex One | 2024-01-30 | 7.8 High |
A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47201. | ||||
CVE-2024-0814 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-01-29 | 6.5 Medium |
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | ||||
CVE-2023-20275 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-01-25 | 4.3 Medium |
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper validation of the packet's inner source IP address after decryption. An attacker could exploit this vulnerability by sending crafted packets through the tunnel. A successful exploit could allow the attacker to send a packet impersonating another VPN user's IP address. It is not possible for the attacker to receive return packets. | ||||
CVE-2020-16952 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-31 | 8.6 High |
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> |