Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4293 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.
|
|||||
| CVE-2011-1832 | 1 Ecryptfs | 2 Ecryptfs-utils, Ecryptfs Utils | 2025-04-11 | 2.1 LOW | N/A |
|
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.
|
|||||
| CVE-2010-1641 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request.
|
|||||
| CVE-2012-4582 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2025-04-11 | 4.9 MEDIUM | N/A |
|
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors.
|
|||||
| CVE-2013-5455 | 1 Ibm | 1 Smartcloud Provisioning | 2025-04-11 | 4.9 MEDIUM | N/A |
|
IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command.
|
|||||
| CVE-2012-1907 | 1 Privawall | 1 Privawall Antivirus | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML (aka Open Document XML) file format, which allows remote attackers to bypass malware detection via a crafted file embedded in a WordML document.
|
|||||
| CVE-2013-4319 | 1 Adaptivecomputing | 1 Torque Resource Manager | 2025-04-11 | 9.0 HIGH | N/A |
|
pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command.
|
|||||
| CVE-2013-1726 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 6.2 MEDIUM | N/A |
|
Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use.
|
|||||
| CVE-2012-6562 | 1 Elgg | 1 Elgg | 2025-04-11 | 6.8 MEDIUM | N/A |
|
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
|
|||||
| CVE-2010-3734 | 1 Ibm | 1 Db2 | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.
|
|||||
| CVE-2013-1670 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site.
|
|||||
| CVE-2013-5701 | 1 Watchguard | 1 Server Center | 2025-04-11 | 7.2 HIGH | N/A |
|
Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory.
|
|||||
| CVE-2011-5144 | 1 Obm | 1 Open Business Management | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote attackers to obtain configuration information via a direct request to test.php, which calls the phpinfo function.
|
|||||
| CVE-2013-6965 | 1 Cisco | 1 Webex Training Center | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183.
|
|||||
| CVE-2012-3441 | 1 Icinga | 1 Icinga | 2025-04-11 | 7.5 HIGH | N/A |
|
The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors.
|
|||||
| CVE-2011-0976 | 1 Microsoft | 1 Powerpoint | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 do not properly handle Office Art containers that have invalid records, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PowerPoint document with a container that triggers certain access to an uninitia ...
Show More |
|||||
| CVE-2012-0833 | 1 Fedoraproject | 1 389 Directory Server | 2025-04-11 | 2.3 LOW | N/A |
|
The acllas__handle_group_entry function in servers/plugins/acl/acllas.c in 389 Directory Server before 1.2.10 does not properly handled access control instructions (ACIs) that use certificate groups, which allows remote authenticated LDAP users with a certificate group to cause a denial of service (infinite loop and CPU consumption) by binding to the server.
|
|||||
| CVE-2012-0364 | 1 Cisco | 12 Small Business Srp520-u Series Firmware, Small Business Srp520 Series Firmware, Small Business Srp521w and 9 more | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495.
|
|||||
| CVE-2013-1069 | 1 Ubuntu | 1 Metal As A Service | 2025-04-11 | 2.1 LOW | N/A |
|
Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file.
|
|||||
| CVE-2013-2247 | 2 Drupal, Fast Permissions Administration Project | 2 Drupal, Fast Permission Administration | 2025-04-11 | 7.5 HIGH | N/A |
|
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form.
|
|||||
| CVE-2011-0542 | 1 Fuse | 1 Fuse | 2025-04-11 | 3.3 LOW | N/A |
|
fusermount in fuse 2.8.5 and earlier does not perform a chdir to / before performing a mount or umount, which allows local users to unmount arbitrary directories via unspecified vectors.
|
|||||
| CVE-2011-1008 | 1 Bestpractical | 1 Rt | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not properly restrict access to a TicketObj in a Scrip after a CurrentUser change, which allows remote authenticated users to obtain sensitive information via unspecified vectors, as demonstrated by custom-field value information, related to SQL logging.
|
|||||
| CVE-2012-2722 | 2 Drupal, Scott Reynen | 2 Drupal, Node Embed | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles.
|
|||||
| CVE-2013-2506 | 1 Spreecommerce | 1 Spree | 2025-04-11 | 4.0 MEDIUM | N/A |
|
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.
|
|||||
| CVE-2013-2271 | 1 Dlink | 2 Dsl-2740b, Dsl-2740b Firmware | 2025-04-11 | 7.6 HIGH | N/A |
|
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.
|
|||||
| CVE-2010-3717 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710.
|
|||||
| CVE-2013-5189 | 1 Apple | 1 Mac Os X | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update.
|
|||||
| CVE-2010-2756 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.
|
|||||
| CVE-2009-2822 | 1 Apple | 2 Airport Base Station, Airport Utility | 2025-04-11 | 6.8 MEDIUM | N/A |
|
AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame.
|
|||||
| CVE-2012-6116 | 1 Katello | 2 Katello, Katello-configure | 2025-04-11 | 2.1 LOW | N/A |
|
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file.
|
|||||
| CVE-2012-2660 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-11 | 6.4 MEDIUM | N/A |
|
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2694.
|
|||||
| CVE-2012-5483 | 1 Openstack | 1 Keystone | 2025-04-11 | 2.1 LOW | N/A |
|
tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to Amazon Elastic Compute Cloud (Amazon EC2) is configured, uses world-readable permissions for /etc/keystone/ec2rc, which allows local users to obtain access to EC2 services by reading administrative access and secret values from this file.
|
|||||
| CVE-2013-1111 | 1 Cisco | 2 Ata 187 Analog Telephone Adaptor, Ata 187 Analog Telephone Adaptor Firmware | 2025-04-11 | 9.0 HIGH | N/A |
|
The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038.
|
|||||
| CVE-2012-5660 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2025-04-11 | 6.9 MEDIUM | N/A |
|
abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a symlink attack on "the directories used to store information about crashes."
|
|||||
| CVE-2010-1646 | 1 Todd Miller | 1 Sudo | 2025-04-11 | 6.2 MEDIUM | N/A |
|
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
|
|||||
| CVE-2013-1290 | 1 Microsoft | 1 Sharepoint Server | 2025-04-11 | 3.5 LOW | N/A |
|
Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
|
|||||
| CVE-2012-0264 | 1 Op5 | 1 Monitor | 2025-04-11 | 10.0 HIGH | N/A |
|
op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.
|
|||||
| CVE-2010-4512 | 1 Michael Dehaan | 1 Cobbler | 2025-04-11 | 7.2 HIGH | N/A |
|
Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories.
|
|||||
| CVE-2011-0683 | 1 Opera | 1 Opera Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Opera before 11.01 does not properly restrict the use of opera: URLs, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
|
|||||
| CVE-2011-4865 | 2 Google, Tencent | 3 Android, Microblogpad, Wblog | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application.
|
|||||