Total
11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3409 | 2 Debian, Ecryptfs | 2 Debian Linux, Ecryptfs-utils | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation
|
|||||
| CVE-2012-3338 | 1 Ibm | 1 Infosphere Guardium | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attacker to bypass security restrictions, caused by improper restrictions on the create new user account functionality. An attacker could exploit this vulnerability to create unprivileged user accounts. IBM X-Force ID: 78286.
|
|||||
| CVE-2012-2350 | 2 Debian, Pam Shield Project | 2 Debian Linux, Pam Shield | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
pam_shield before 0.9.4: Default configuration does not perform protective action
|
|||||
| CVE-2012-2248 | 2 Debian, Dhclient Project | 2 Debian Linux, Dhclient | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
|
An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.
|
|||||
| CVE-2012-1326 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks
|
|||||
| CVE-2012-1168 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
|
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified.
|
|||||
| CVE-2012-0694 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
|
|||||
| CVE-2012-0334 | 1 Cisco | 1 Ironport Web Security Appliance | 2024-11-21 | 3.2 LOW | 6.4 MEDIUM |
|
Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks
|
|||||
| CVE-2012-0051 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval.
|
|||||
| CVE-2011-4968 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
|
nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)
|
|||||
| CVE-2011-4967 | 2 Openpegasus, Redhat | 2 Tog-pegasus, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
tog-Pegasus has a package hash collision DoS vulnerability
|
|||||
| CVE-2011-4904 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
TYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.
|
|||||
| CVE-2011-4902 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.
|
|||||
| CVE-2011-4310 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The news module in CMSMS before 1.9.4.3 allows remote attackers to corrupt new articles.
|
|||||
| CVE-2011-4182 | 1 Opensuse | 1 Sysconfig | 2024-11-21 | 6.8 MEDIUM | 7.3 HIGH |
|
Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to cause execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1.
|
|||||
| CVE-2011-4181 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in open build service allows remote attackers to gain access to source files even though source access is disabled. Affected releases are SUSE open build service up to and including version 2.1.15 (for 2.1) and before version 2.3.
|
|||||
| CVE-2011-4124 | 1 Calibre-ebook | 1 Calibre | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.
|
|||||
| CVE-2011-4120 | 3 Debian, Linux, Yubico | 3 Debian Linux, Linux Kernel, Pam Module | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string.
|
|||||
| CVE-2011-3611 | 1 Usebb | 1 Usebb | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.
|
|||||
| CVE-2011-3477 | 1 Symantec | 4 Backup Exec System Recovery, Norton 360, Norton Ghost and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors.
|
|||||
| CVE-2011-3203 | 1 Jcow | 1 Jcow Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2.
|
|||||
| CVE-2011-2922 | 1 Ktsuss Project | 1 Ktsuss | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
ktsuss versions 1.4 and prior spawns the GTK interface to run as root. This can allow a local attacker to escalate privileges to root and use the "GTK_MODULES" environment variable to possibly execute arbitrary code.
|
|||||
| CVE-2011-2902 | 2 Debian, Glyphandcog | 2 Debian Linux, Xpdf | 2024-11-21 | 6.4 MEDIUM | 5.3 MEDIUM |
|
zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.
|
|||||
| CVE-2011-2897 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
gdk-pixbuf through 2.31.1 has GIF loader buffer overflow when initializing decompression tables due to an input validation flaw
|
|||||
| CVE-2011-2808 | 1 Google | 1 Blink | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
A stale layout root is set as an input element in WebKit in Google Chrome before Blink M13 when a child of a keygen with autofocus is accessed.
|
|||||
| CVE-2011-1028 | 2 Debian, Smarty | 2 Debian Linux, Smarty | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.
|
|||||
| CVE-2011-0704 | 1 Fedoraproject | 1 389 Directory Server | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
389 Directory Server 1.2.7.5, when built with mozldap, allows remote attackers to cause a denial of service (replica crash) by sending an empty modify request.
|
|||||
| CVE-2011-0703 | 2 Debian, Gksu-polkit Project | 2 Debian Linux, Gksu-polkit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an administrator X11 session.
|
|||||
| CVE-2011-0529 | 2 Debian, Weborf Project | 2 Debian Linux, Weborf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Weborf before 0.12.5 is affected by a Denial of Service (DOS) due to malformed fields in HTTP.
|
|||||
| CVE-2011-0220 | 1 Apple | 1 Bonjour | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Apple Bonjour before 2011 allows a crash via a crafted multicast DNS packet.
|
|||||
| CVE-2010-4815 | 1 Coppermine-gallery | 1 Coppermine Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Coppermine gallery before 1.4.26 has an input validation vulnerability that allows for code execution.
|
|||||
| CVE-2010-4660 | 1 Status | 1 Statusnet | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Unspecified vulnerability in statusnet through 2010 due to the way addslashes are used in SQL string escapes..
|
|||||
| CVE-2010-4239 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Tiki Wiki CMS Groupware 5.2 has Local File Inclusion
|
|||||
| CVE-2010-3667 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
|
|||||
| CVE-2010-3439 | 3 Cor-entertainment, Debian, Fedoraproject | 3 Alien-arena, Debian Linux, Fedora | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.
|
|||||
| CVE-2010-3375 | 1 Qtparted Project | 1 Qtparted | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
qtparted has insecure library loading which may allow arbitrary code execution
|
|||||
| CVE-2010-3373 | 2 Debian, Grsecurity | 2 Debian Linux, Paxtest | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
paxtest handles temporary files insecurely
|
|||||
| CVE-2010-3359 | 2 Debian, Gargoyle Project | 2 Debian Linux, Gargoyle | 2024-11-21 | 4.4 MEDIUM | 4.8 MEDIUM |
|
If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a directory with a cracked libgarglk.so and gain access to the user's account.
|
|||||
| CVE-2010-3293 | 1 Mailscanner | 1 Mailscanner | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
mailscanner can allow local users to prevent virus signatures from being updated
|
|||||
| CVE-2010-2490 | 2 Debian, Mumble | 2 Debian Linux, Mumble | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Mumble: murmur-server has DoS due to malformed client query
|
|||||