Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2356 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.
|
|||||
| CVE-2013-6230 | 1 Isc | 1 Bind | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask.
|
|||||
| CVE-2012-2313 | 3 Linux, Novell, Redhat | 8 Linux Kernel, Suse Linux Enterprise Server, Enterprise Linux and 5 more | 2025-04-11 | 1.2 LOW | N/A |
|
The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call.
|
|||||
| CVE-2010-2296 | 1 Google | 1 Chrome | 2025-04-11 | 9.3 HIGH | N/A |
|
The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors.
|
|||||
| CVE-2012-4225 | 1 Nvidia | 1 Unix Graphic Driver | 2025-04-11 | 7.2 HIGH | N/A |
|
NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0.
|
|||||
| CVE-2012-1833 | 1 Springsource | 1 Grails | 2025-04-11 | 5.0 MEDIUM | N/A |
|
VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application.
|
|||||
| CVE-2013-4428 | 2 Canonical, Openstack | 2 Ubuntu Linux, Glance | 2025-04-11 | 3.5 LOW | N/A |
|
OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID.
|
|||||
| CVE-2013-5156 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon.
|
|||||
| CVE-2011-4688 | 1 Mozilla | 1 Firefox | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Mozilla Firefox 8.0.1 and earlier does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
|
|||||
| CVE-2013-6660 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site.
|
|||||
| CVE-2012-3009 | 1 Siemens | 1 Comos | 2025-04-11 | 8.5 HIGH | N/A |
|
Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.
|
|||||
| CVE-2012-1439 | 4 Aladdin, Fortinet, Pandasecurity and 1 more | 4 Esafe, Fortinet Antivirus, Panda Antivirus and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
|
|||||
| CVE-2011-4718 | 1 Php | 1 Php | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.
|
|||||
| CVE-2011-1149 | 1 Google | 1 Android | 2025-04-11 | 7.2 HIGH | N/A |
|
Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK.
|
|||||
| CVE-2014-0678 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 5.5 MEDIUM | N/A |
|
The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951.
|
|||||
| CVE-2010-4274 | 1 Ibm | 1 Director Agent | 2025-04-11 | 4.4 MEDIUM | N/A |
|
reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership.
|
|||||
| CVE-2012-1250 | 1 Logitech | 4 Lan-w300n\/r, Lan-w300n\/rs, Lan-w300n\/ru2 and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication.
|
|||||
| CVE-2011-4939 | 1 Pidgin | 1 Pidgin | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat room.
|
|||||
| CVE-2012-0298 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors.
|
|||||
| CVE-2011-3006 | 1 Mcafee | 1 Saas Endpoint Protection | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain execution policy using a cross-site scripting (XSS) attack, execute arbitrary code using the MyASUtil.InstallInfo.RunUserProgram function, and possibly conduct other unspecified attacks.
|
|||||
| CVE-2013-4326 | 2 Lennart Poettering, Redhat | 2 Rkit, Enterprise Linux | 2025-04-11 | 4.6 MEDIUM | N/A |
|
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
|
|||||
| CVE-2010-2843 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-11 | 9.0 HIGH | N/A |
|
Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-3033.
|
|||||
| CVE-2012-3558 | 1 Opera | 1 Opera Browser | 2025-04-11 | 2.6 LOW | N/A |
|
Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects.
|
|||||
| CVE-2013-1033 | 1 Apple | 1 Mac Os X | 2025-04-11 | 5.5 MEDIUM | N/A |
|
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access.
|
|||||
| CVE-2011-1420 | 2 Emc, Oracle | 2 Data Protection Advisor Collector, Solaris Sparc | 2025-04-11 | 7.2 HIGH | N/A |
|
EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
|
|||||
| CVE-2011-4689 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript code.
|
|||||
| CVE-2010-5297 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 2.1 LOW | N/A |
|
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change.
|
|||||
| CVE-2011-0348 | 1 Cisco | 2 Content Services Gateway Second Generation, Ios | 2025-04-11 | 6.4 MEDIUM | N/A |
|
Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before 12.4(24)MD3, 12.4(22)MDA before 12.4(22)MDA5, and 12.4(24)MDA before 12.4(24)MDA3 on the Cisco Content Services Gateway Second Generation (aka CSG2) allows remote attackers to bypass intended access restrictions and intended billing restrictions by sending HTTP traffic to a restricted destination after sending HTTP traffic to an unrestricted destination, aka Bug ID CSCtk35917.
|
|||||
| CVE-2012-4203 | 1 Mozilla | 1 Firefox | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark.
|
|||||
| CVE-2012-3386 | 1 Gnu | 1 Automake | 2025-04-11 | 4.4 MEDIUM | N/A |
|
The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2010-0542 | 1 Apple | 1 Cups | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.
|
|||||
| CVE-2013-1139 | 1 Cisco | 1 Cloud Portal | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134.
|
|||||
| CVE-2012-6117 | 1 Redhat | 1 Cloudforms Cloud Engine | 2025-04-11 | 2.1 LOW | N/A |
|
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file.
|
|||||
| CVE-2013-2242 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
|
mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server.
|
|||||
| CVE-2012-4413 | 1 Openstack | 1 Keystone | 2025-04-11 | 4.0 MEDIUM | N/A |
|
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
|
|||||
| CVE-2013-0257 | 2 David Alkire, Drupal | 2 Email2image, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields.
|
|||||
| CVE-2010-1204 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search."
|
|||||
| CVE-2011-5102 | 1 Websense | 4 Websense Web Filter, Websense Web Security, Websense Web Security Gateway and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
|
The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gateway Anywhere allows remote attackers to execute commands via unspecified vectors.
|
|||||
| CVE-2013-6271 | 1 Google | 1 Android | 2025-04-11 | 8.8 HIGH | N/A |
|
Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option.
|
|||||
| CVE-2010-0306 | 1 Kvm Qumranet | 1 Kvm | 2025-04-11 | 4.1 MEDIUM | N/A |
|
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298.
|
|||||