NVD List
| Id | Name | Description | Reject | CVSS Version | CVSS Score | Severity | Pub Date | Modified Date | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 43794 | CVE-2012-1936 | ** DISPUTED ** The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks on specific actions and objects by sniffing the network, as demonstrated by attacks against the wp-admin/admin-ajax.php and wp-admin/user-new.php scripts. NOTE: the vendor reportedly disputes the significance of this issue because wp_create_nonce operates as intended, even if it is arguably inconsistent with certain CSRF protection details advocated by external organizations. | 2 | 6.8 | Medium | 2017-01-19 | 2012-05-10 | View | |
| 41865 | CVE-2013-7030 | ** DISPUTED ** The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product"s documentation describes use of the TFTP Encrypted Config option in addressing this issue. | 2 | 5 | Medium | 2017-01-18 | 2016-11-01 | View | |
| 15426 | CVE-2010-4121 | ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only." | 2 | 7.5 | High | 2017-01-18 | 2010-10-29 | View | |
| 61888 | CVE-2006-3209 | ** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation. | 2 | 7.2 | High | 2016-12-20 | 2008-09-05 | View | |
| 21288 | CVE-2016-6595 | ** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote authenticated users to cause a denial of service (prevention of cluster joins) via a long sequence of join and quit actions. NOTE: the vendor disputes this issue, stating that this sequence is not "removing the state that is left by old nodes. At some point the manager obviously stops being able to accept new nodes, since it runs out of memory. Given that both for Docker swarm and for Docker Swarmkit nodes are *required* to provide a secret token (it"s actually the only mode of operation), this means that no adversary can simply join nodes and exhaust manager resources. We can"t do anything about a manager running out of memory and not being able to add new legitimate nodes to the system. This is merely a resource provisioning issue, and definitely not a CVE worthy vulnerability." | 2 | 4 | Medium | 2017-01-19 | 2017-01-06 | View |
Page 17577 of 17672, showing 5 records out of 88360 total, starting on record 87881, ending on 87885
