Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3292 | 1 Globus | 1 Globus Toolkit | 2025-04-11 | 7.6 HIGH | N/A |
|
The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file.
|
|||||
| CVE-2011-4584 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site.
|
|||||
| CVE-2012-1895 | 1 Microsoft | 6 .net Framework, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
|
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
|
|||||
| CVE-2013-3370 | 1 Bestpractical | 1 Rt | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request.
|
|||||
| CVE-2013-4033 | 1 Ibm | 2 Db2, Db2 Connect | 2025-04-11 | 4.6 MEDIUM | N/A |
|
IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority.
|
|||||
| CVE-2012-5146 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.
|
|||||
| CVE-2007-6734 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 4.0 MEDIUM | N/A |
|
NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors.
|
|||||
| CVE-2011-1021 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 3.6 LOW | N/A |
|
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.
|
|||||
| CVE-2012-4737 | 1 Digium | 2 Asterisk, Certified Asterisk | 2025-04-11 | 6.0 MEDIUM | N/A |
|
channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials.
|
|||||
| CVE-2012-5574 | 1 Sensiolabs | 1 Symfony | 2025-04-11 | 5.0 MEDIUM | N/A |
|
lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request.
|
|||||
| CVE-2013-7135 | 1 Detlef Pilzecker | 1 Proc\ | 2025-04-11 | 7.2 HIGH | N/A |
|
The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.
|
|||||
| CVE-2013-3692 | 1 Blackberry | 2 Blackberry Os, Z10 | 2025-04-11 | 6.2 MEDIUM | N/A |
|
BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses weak permissions for a BlackBerry Protect object, which allows physically proximate attackers to bypass intended access restrictions by leveraging a user's BlackBerry Protect password-reset request and a user's installation of a crafted application.
|
|||||
| CVE-2011-0396 | 1 Cisco | 17 Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 and 14 more | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 before 8.0(5.23), 8.1 before 8.1(2.49), 8.2 before 8.2(4.1), and 8.3 before 8.3(2.13), when a Certificate Authority (CA) is configured, allow remote attackers to read arbitrary files via unspecified vectors, aka Bug ID CSCtk12352.
|
|||||
| CVE-2013-3949 | 1 Apple | 1 Mac Os X | 2025-04-11 | 2.1 LOW | N/A |
|
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function.
|
|||||
| CVE-2010-3898 | 1 Ibm | 1 Omnifind | 2025-04-11 | 5.0 MEDIUM | N/A |
|
IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site.
|
|||||
| CVE-2010-2224 | 1 Redhat | 1 Enterprise Virtualization Manager | 2025-04-11 | 2.1 LOW | N/A |
|
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.
|
|||||
| CVE-2010-0978 | 1 Kmsoft | 1 Guestbook | 2025-04-11 | 5.0 MEDIUM | N/A |
|
KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
|
|||||
| CVE-2008-7300 | 1 Sun | 2 Opensolaris, Sunos | 2025-04-11 | 8.5 HIGH | N/A |
|
The labeled networking implementation in Solaris Trusted Extensions in Sun Solaris 10 and OpenSolaris snv_39 through snv_67, when a labeled zone is in the installed state, allows remote authenticated users to bypass a Mandatory Access Control (MAC) policy and obtain access to the global zone.
|
|||||
| CVE-2012-3311 | 1 Ibm | 2 Websphere Application Server, Z\/os | 2025-04-11 | 3.3 LOW | N/A |
|
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors.
|
|||||
| CVE-2012-6076 | 1 Inkscape | 1 Inkscape | 2025-04-11 | 4.4 MEDIUM | N/A |
|
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
|
|||||
| CVE-2013-4356 | 1 Xen | 1 Xen | 2025-04-11 | 5.4 MEDIUM | N/A |
|
Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash).
|
|||||
| CVE-2011-2600 | 1 Microsoft | 1 Windows Xp | 2025-04-11 | 7.1 HIGH | N/A |
|
The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK.
|
|||||
| CVE-2011-4592 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality.
|
|||||
| CVE-2010-2291 | 1 Snom | 1 Voip Phone Firmware | 2025-04-11 | 3.3 LOW | N/A |
|
Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-5901 | 1 Dflabs | 1 Ptk | 2025-04-11 | 5.0 MEDIUM | N/A |
|
DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory.
|
|||||
| CVE-2014-1666 | 1 Xen | 1 Xen | 2025-04-11 | 8.3 HIGH | N/A |
|
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.
|
|||||
| CVE-2013-1687 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2025-04-11 | 9.3 HIGH | N/A |
|
The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site.
|
|||||
| CVE-2013-6403 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.
|
|||||
| CVE-2011-4030 | 1 Plone | 2 Cmfeditions, Plone | 2025-04-11 | 9.3 HIGH | N/A |
|
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587.
|
|||||
| CVE-2013-1108 | 1 Cisco | 1 Webex Training Center | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064.
|
|||||
| CVE-2011-3417 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 9.3 HIGH | N/A |
|
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
|
|||||
| CVE-2013-6695 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive information via a download action, as demonstrated by obtaining read access to the user database, aka Bug ID CSCuj39274.
|
|||||
| CVE-2012-1122 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 3.6 LOW | N/A |
|
bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project.
|
|||||
| CVE-2011-2143 | 1 Ibm | 1 Datacap Taskmaster Capture | 2025-04-11 | 6.8 MEDIUM | N/A |
|
IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain.
|
|||||
| CVE-2012-4550 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | 6.4 MEDIUM | N/A |
|
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB.
|
|||||
| CVE-2010-0728 | 1 Samba | 1 Samba | 2025-04-11 | 8.5 HIGH | N/A |
|
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
|
|||||
| CVE-2013-2190 | 2 Clutter Project, Opensuse | 2 Clutter, Opensuse | 2025-04-11 | 2.1 LOW | N/A |
|
The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors.
|
|||||
| CVE-2013-0706 | 1 Nec | 1 Universal Raid Utility | 2025-04-11 | 9.0 HIGH | N/A |
|
NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors.
|
|||||
| CVE-2012-2291 | 3 Apple, Emc, Hp | 4 Mac Os X, Avamar, Avamar Plugin and 1 more | 2025-04-11 | 7.2 HIGH | N/A |
|
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
|
|||||
| CVE-2012-2335 | 1 Php | 1 Php | 2025-04-11 | 7.5 HIGH | N/A |
|
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
|
|||||