Click to open the Alert Filter

 
Year Month
Severity
Categories
Search by Alert Name
Page(s) : 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 ...Result(s) : 67585

Alerts Feed Alerts

DateNameCategoriesDetail
6.82014-12-15CVE-2014-9386cve Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended wor...
6.82014-12-15CVE-2014-9385cve Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger...
2.12014-12-15CVE-2014-9252cve Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka Z...
52014-12-15CVE-2014-9251cve Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack o...
52014-12-15CVE-2014-9250cve Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain creden...
7.52014-12-15CVE-2014-9249cve The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408.
52014-12-15CVE-2014-9248cve Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406.
42014-12-15CVE-2014-9247cve Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka U...
N/A2014-12-15CVE-2014-9246cve ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-9385, CVE-2014-9386. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. ...
52014-12-15CVE-2014-9245cve Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trac...
6.82014-12-15CVE-2014-8967cve Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style S...
3.32014-12-15CVE-2014-8610cve AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and conseq...
7.22014-12-15CVE-2014-8609cve The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, ...
7.52014-12-15CVE-2014-8507cve Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android ...
7.22014-12-15CVE-2014-7911cve luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an ...
9.32014-12-15CVE-2014-6261cve Zenoss Core through 5 Beta 3 does not properly implement the Check For Updates feature, which allows remote attackers to execute arbitrary code by (1) spoofing the callhome serv...
6.82014-12-15CVE-2014-6260cve Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of...
52014-12-15CVE-2014-6259cve Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) ...
52014-12-15CVE-2014-6258cve An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression matc...
52014-12-15CVE-2014-6257cve Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407.
Page(s) : 1 2 3 4 5 6 [7] 8 9 10 11 12 13 14 15 16 17 ...Result(s) : 67585