Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3178 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 do not properly handle certain modal calls made by javascript: URLs in circumstances related to opening a new window and performing cross-domain navigation, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document.
|
|||||
| CVE-2012-4106 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The fabric-interconnect component in Cisco Unified Computing System (UCS) uses the same privilege level for execution of every script, which allows local users to gain privileges and execute arbitrary commands via an unspecified script-execution approach, aka Bug ID CSCtq86477.
|
|||||
| CVE-2010-1386 | 1 Apple | 1 Webkit | 2025-04-11 | 10.0 HIGH | N/A |
|
page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357.
|
|||||
| CVE-2011-4834 | 3 Hp, Ibm, Sun | 4 Application Lifestyle Management, Hp-ux, Aix and 1 more | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The GetInstalledPackages function in the configuration tool in HP Application Lifestyle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.
|
|||||
| CVE-2014-1626 | 1 Galen Charlton | 1 Marc-xml | 2025-04-11 | 5.0 MEDIUM | N/A |
|
XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file.
|
|||||
| CVE-2012-1450 | 3 Emsisoft, Ikarus, Sophos | 3 Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner, Sophos Anti-virus | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Virus 4.61.0, and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved3 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
|
|||||
| CVE-2010-3033 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-11 | 9.0 HIGH | N/A |
|
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843.
|
|||||
| CVE-2013-5010 | 1 Symantec | 1 Endpoint Protection | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors.
|
|||||
| CVE-2013-5383 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 4.0 MEDIUM | N/A |
|
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382.
|
|||||
| CVE-2013-6955 | 1 Synology | 1 Diskstation Manager | 2025-04-11 | 10.0 HIGH | N/A |
|
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.
|
|||||
| CVE-2012-4421 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing Protocol (aka AtomPub) feature.
|
|||||
| CVE-2012-5479 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback.
|
|||||
| CVE-2013-0315 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.
|
|||||
| CVE-2010-0682 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.0 MEDIUM | N/A |
|
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter.
|
|||||
| CVE-2010-2455 | 1 Opera | 1 Opera Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206.
|
|||||
| CVE-2010-3934 | 1 Rim | 2 Blackberry 9700, Blackberry Device Software | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-0652 | 1 Ge | 1 Intelligent Platforms Proficy Real-time Information Portal | 2025-04-11 | 5.0 MEDIUM | N/A |
|
GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call.
|
|||||
| CVE-2013-0922 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors.
|
|||||
| CVE-2011-2741 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2025-04-11 | 6.8 MEDIUM | N/A |
|
EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements."
|
|||||
| CVE-2013-3898 | 1 Microsoft | 2 Windows 8, Windows Server 2012 | 2025-04-11 | 7.9 HIGH | N/A |
|
Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows guest OS users to cause a denial of service (host OS crash), via a guest-to-host hypercall with a crafted function parameter, aka "Address Corruption Vulnerability."
|
|||||
| CVE-2011-4309 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL.
|
|||||
| CVE-2012-4494 | 2 Drupal, Niif | 2 Drupal, Shibb Auth | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibly have other impacts by logging in.
|
|||||
| CVE-2010-4806 | 1 Ibm | 1 Web Content Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges.
|
|||||
| CVE-2011-4704 | 2 Android, Voxofon | 2 Android, Voxofon | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application.
|
|||||
| CVE-2010-5093 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before 2.3.7 allows remote attackers to hijack user accounts by saving data using the email address (ID) of another user.
|
|||||
| CVE-2008-7277 | 1 Otrs | 1 Otrs | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets.
|
|||||
| CVE-2013-6004 | 1 Cybozu | 1 Garoon | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.
|
|||||
| CVE-2013-5373 | 1 Ibm | 1 Rational Clearcase | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands.
|
|||||
| CVE-2013-0925 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
|
Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors.
|
|||||
| CVE-2010-1099 | 1 Apple | 1 Safari | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Integer overflow in Apple Safari allows remote attackers to bypass intended port restrictions on outbound TCP connections via a port number outside the range of the unsigned short data type, as demonstrated by a value of 65561 for TCP port 25.
|
|||||
| CVE-2011-1717 | 1 Skype | 1 Skype For Android | 2025-04-11 | 2.1 LOW | N/A |
|
Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information.
|
|||||
| CVE-2012-4442 | 1 Monkey-project | 1 Monkey | 2025-04-11 | 4.7 MEDIUM | N/A |
|
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.
|
|||||
| CVE-2012-1827 | 1 Efstechnology | 1 Autoform Pdm Archive | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The web service in AutoFORM PDM Archive before 7.1 does not have authorization requirements, which allows remote authenticated users to perform database operations via a SOAP request, as demonstrated by the initializeQueryDatabase2 request.
|
|||||
| CVE-2011-2739 | 1 Emc | 1 Documentum Eroom | 2025-04-11 | 8.5 HIGH | N/A |
|
The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file.
|
|||||
| CVE-2012-5168 | 1 Atutor | 1 Acontent | 2025-04-11 | 7.5 HIGH | N/A |
|
ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php.
|
|||||
| CVE-2013-7247 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2025-04-11 | 5.0 MEDIUM | N/A |
|
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST.
|
|||||
| CVE-2012-6422 | 2 Meizu, Samsung | 3 Mx, Galaxy Note 2, Galaxy S2 | 2025-04-11 | 9.3 HIGH | N/A |
|
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
|
|||||
| CVE-2010-3830 | 1 Apple | 1 Iphone Os | 2025-04-11 | 7.2 HIGH | N/A |
|
Networking in Apple iOS before 4.2 accesses an invalid pointer during the processing of packet filter rules, which allows local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2011-4080 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment.
|
|||||
| CVE-2013-1903 | 1 Postgresql | 1 Postgresql | 2025-04-11 | 10.0 HIGH | N/A |
|
PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors.
|
|||||