Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1830 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
|
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.
|
|||||
| CVE-2012-1459 | 32 Ahnlab, Alwil, Anti-virus and 29 more | 34 V3 Internet Security, Avast Antivirus, Vba32 and 31 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanne ...
Show More |
|||||
| CVE-2010-4340 | 1 Apache | 1 Libcloud | 2025-04-11 | 4.3 MEDIUM | N/A |
|
libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack.
|
|||||
| CVE-2012-0366 | 1 Cisco | 1 Unity Connection | 2025-04-11 | 9.0 HIGH | N/A |
|
Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141.
|
|||||
| CVE-2012-4495 | 2 Drupal, Mime Mail Module Project | 2 Drupal, Mimemail | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments.
|
|||||
| CVE-2013-3056 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors.
|
|||||
| CVE-2013-4310 | 1 Apache | 1 Struts | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.
|
|||||
| CVE-2012-2439 | 1 Netgear | 1 Prosafe Fvs318n | 2025-04-11 | 7.5 HIGH | N/A |
|
The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2013-2776 | 2 Apple, Todd Miller | 2 Mac Os X, Sudo | 2025-04-11 | 4.4 MEDIUM | N/A |
|
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originall ...
Show More |
|||||
| CVE-2010-1439 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Rhn-client-tools and 1 more | 2025-04-11 | 3.6 LOW | N/A |
|
yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Enterprise Linux (RHEL) 5 and Fedora uses world-readable permissions for the /var/spool/up2date/loginAuth.pkl file, which allows local users to access the Red Hat Network profile, and possibly prevent future security updates, by leveraging authentication data from this file.
|
|||||
| CVE-2012-2359 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
|
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.
|
|||||
| CVE-2012-3174 | 1 Oracle | 2 Jdk, Jre | 2025-04-11 | 10.0 HIGH | N/A |
|
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
|
|||||
| CVE-2013-2246 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
|
mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time.
|
|||||
| CVE-2012-4975 | 1 Layton Technology | 1 Helpbox | 2025-04-11 | 4.0 MEDIUM | N/A |
|
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.
|
|||||
| CVE-2011-3645 | 1 Newgensoft | 1 Omnidocs | 2025-04-11 | 7.5 HIGH | N/A |
|
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.
|
|||||
| CVE-2012-6036 | 1 Xen | 1 Xen | 2025-04-11 | 4.4 MEDIUM | N/A |
|
The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others ...
Show More |
|||||
| CVE-2013-0751 | 2 Google, Mozilla | 3 Android, Firefox, Seamonkey | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document.
|
|||||
| CVE-2012-0362 | 1 Cisco | 1 Ios | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106.
|
|||||
| CVE-2010-1146 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
|
|||||
| CVE-2010-1347 | 2 Ibm, Linux | 3 Aix, Director Agent, Linux Kernel | 2025-04-11 | 7.2 HIGH | N/A |
|
Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts.
|
|||||
| CVE-2013-4677 | 1 Symantec | 1 Backup Exec | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files.
|
|||||
| CVE-2010-0393 | 1 Apple | 1 Cups | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.
|
|||||
| CVE-2012-0326 | 2 Google, Tetsuya Aoyama | 2 Android, Twicca | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted application.
|
|||||
| CVE-2013-6492 | 1 Ryan Ohara | 1 Piranha | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.
|
|||||
| CVE-2012-1442 | 10 Aladdin, Antiy, Cat and 7 more | 11 Esafe, Avl Sdk, Quick Heal and 8 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, F-Secure Anti-Virus 9.0.16160.0, Sophos Anti-Virus 4.61.0, Antiy Labs AVL SDK 2.0.3.7, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified class field. NOTE: this may later be S ...
Show More |
|||||
| CVE-2010-3448 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
|
drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to the video output control state, which allows local users to cause a denial of service (system hang) via a (1) read or (2) write operation.
|
|||||
| CVE-2012-1106 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2025-04-11 | 1.9 LOW | N/A |
|
The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly 2.0.8 and earlier, does not properly set the group (GID) permissions on core dump files for setuid programs when the sysctl fs.suid_dumpable option is set to 2, which allows local users to obtain sensitive information.
|
|||||
| CVE-2012-4020 | 1 Mosp | 1 Kintai Kanri | 2025-04-11 | 4.0 MEDIUM | N/A |
|
MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors.
|
|||||
| CVE-2010-1757 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-11 | 6.4 MEDIUM | N/A |
|
WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document.
|
|||||
| CVE-2011-0543 | 1 Fuse | 1 Fuse | 2025-04-11 | 3.3 LOW | N/A |
|
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.
|
|||||
| CVE-2011-4211 | 1 Google | 1 App Engine Python Sdk | 2025-04-11 | 7.2 HIGH | N/A |
|
The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.
|
|||||
| CVE-2013-0718 | 1 Simeji | 1 Simeji | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem.
|
|||||
| CVE-2013-5187 | 1 Apple | 1 Mac Os X | 2025-04-11 | 1.9 LOW | N/A |
|
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state.
|
|||||
| CVE-2011-0988 | 2 Novell, Pureftpd | 2 Suse Linux, Pure-ftpd | 2025-04-11 | 4.4 MEDIUM | N/A |
|
pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors.
|
|||||
| CVE-2011-0227 | 1 Apple | 1 Iphone Os | 2025-04-11 | 7.2 HIGH | N/A |
|
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.
|
|||||
| CVE-2012-0466 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 4.0 MEDIUM | N/A |
|
template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1 does not properly handle multiple logins, which allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive bug information via a crafted web page.
|
|||||
| CVE-2012-1441 | 2 Aladdin, Prevx | 2 Esafe, Prevx | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0 allows remote attackers to bypass malware detection via an EXE file with a modified value in any of several e_ fields. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
|
|||||
| CVE-2012-3560 | 1 Opera | 1 Opera Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page.
|
|||||
| CVE-2010-4602 | 1 Ibm | 1 Rational Clearquest | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark.
|
|||||
| CVE-2013-0537 | 1 Ibm | 1 Lotus Sametime | 2025-04-11 | 3.5 LOW | N/A |
|
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of shared links by leveraging meeting-attendance privileges.
|
|||||