Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3037 | 1 Ibm | 1 Rational Requirements Composer | 2025-04-11 | 4.4 MEDIUM | N/A |
|
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors.
|
|||||
| CVE-2012-0475 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 2.6 LOW | N/A |
|
Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 do not properly construct the Origin and Sec-WebSocket-Origin HTTP headers, which might allow remote attackers to bypass an IPv6 literal ACL via a cross-site (1) XMLHttpRequest or (2) WebSocket operation involving a nonstandard port number and an IPv6 address that contains certain zero fields.
|
|||||
| CVE-2013-6412 | 1 Augeas | 1 Augeas | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors.
|
|||||
| CVE-2011-1665 | 1 Phpboost | 1 Phpboost | 2025-04-11 | 5.0 MEDIUM | N/A |
|
PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/.
|
|||||
| CVE-2013-1836 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.
|
|||||
| CVE-2012-6106 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
|
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object.
|
|||||
| CVE-2012-0679 | 1 Apple | 1 Safari | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Apple Safari before 6.0 allows remote attackers to read arbitrary files via a feed:// URL.
|
|||||
| CVE-2011-2145 | 3 Freebsd, Oracle, Vmware | 7 Freebsd, Solaris, Esx and 4 more | 2025-04-11 | 6.3 MEDIUM | N/A |
|
mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware Workstation 7.1.x before 7.1.4, VMware Player 3.1.x before 3.1.4, VMware Fusion 3.1.x before 3.1.3, VMware ESXi 3.5 through 4.1, and VMware ESX 3.0.3 through 4.1, when a Solaris or FreeBSD guest OS is used, allows guest OS users to modify arbitrary guest OS files via unspecified vectors, related to a "procedural error."
|
|||||
| CVE-2013-4027 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 6.5 MEDIUM | N/A |
|
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
|
|||||
| CVE-2011-4606 | 1 Artsoft | 1 Rocks\'n\'diamonds | 2025-04-11 | 3.6 LOW | N/A |
|
Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory.
|
|||||
| CVE-2009-5002 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection.
|
|||||
| CVE-2012-4934 | 1 Tomatocart | 1 Tomatocart | 2025-04-11 | 3.5 LOW | N/A |
|
TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL.
|
|||||
| CVE-2013-3062 | 1 Sap | 1 Production Planning And Control | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
|
|||||
| CVE-2011-2330 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-11 | 9.0 HIGH | N/A |
|
Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220.
|
|||||
| CVE-2010-4547 | 1 Ibm | 1 Lotus Notes Traveler | 2025-04-11 | 3.5 LOW | N/A |
|
IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain environment is used, does not properly apply policy documents to mobile users from a different Domino domain than the Traveler server, which allows remote authenticated users to bypass intended access restrictions by using credentials from a different domain.
|
|||||
| CVE-2011-3440 | 1 Apple | 2 Ipad2, Iphone Os | 2025-04-11 | 1.2 LOW | N/A |
|
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
|
|||||
| CVE-2012-0691 | 1 Broadcom | 1 License Software | 2025-04-11 | 7.2 HIGH | N/A |
|
CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2012-5543 | 2 Drupal, Feeds Project | 2 Drupal, Feeds | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed.
|
|||||
| CVE-2011-3337 | 4 Eeye, Hp, Sgi and 1 more | 5 Digital Security Audits, Retina Network Security Scanner, Hp-ux and 2 more | 2025-04-11 | 6.9 MEDIUM | N/A |
|
eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Security Scanner on HP-UX, IRIX, and Solaris allows local users to gain privileges via a Trojan horse gauntlet program in an arbitrary directory under /usr/local/.
|
|||||
| CVE-2014-0854 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
|
|||||
| CVE-2012-2730 | 2 Alexis Wilke, Drupal | 2 Protected Node, Drupal | 2025-04-11 | 7.5 HIGH | N/A |
|
The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not properly "protect node access when nodes are accessed outside of the standard node view," which allows remote attackers to bypass intended access restrictions.
|
|||||
| CVE-2013-1957 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.7 MEDIUM | N/A |
|
The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace.
|
|||||
| CVE-2010-4689 | 1 Cisco | 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 | 2025-04-11 | 7.8 HIGH | N/A |
|
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460.
|
|||||
| CVE-2011-3214 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.6 MEDIUM | N/A |
|
IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors.
|
|||||
| CVE-2013-6129 | 1 Vbulletin | 1 Vbulletin | 2025-04-11 | 7.5 HIGH | N/A |
|
The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote attackers to create administrative accounts via the customerid, htmldata[password], htmldata[confirmpassword], and htmldata[email] parameters, as exploited in the wild in October 2013.
|
|||||
| CVE-2012-1445 | 4 Aladdin, Fortinet, Pandasecurity and 1 more | 4 Esafe, Fortinet Antivirus, Panda Antivirus and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abi field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
|
|||||
| CVE-2011-0260 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window.
|
|||||
| CVE-2012-3241 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-11 | 7.5 HIGH | N/A |
|
The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands.
|
|||||
| CVE-2014-0719 | 1 Cisco | 1 Ips Sensor Software | 2025-04-11 | 7.8 HIGH | N/A |
|
The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394.
|
|||||
| CVE-2012-3512 | 1 Munin-monitoring | 1 Munin | 2025-04-11 | 7.2 HIGH | N/A |
|
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
|
|||||
| CVE-2012-1313 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772.
|
|||||
| CVE-2013-1280 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 7.2 HIGH | N/A |
|
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
|
|||||
| CVE-2011-1984 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Server 2008 | 2025-04-11 | 7.2 HIGH | N/A |
|
WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
|
|||||
| CVE-2013-2373 | 1 Tibco | 1 Spotfire Web Player | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
|
|||||
| CVE-2012-1644 | 2 Drupal, Gizra | 2 Drupal, Og Vocab | 2025-04-11 | 2.1 LOW | N/A |
|
The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors.
|
|||||
| CVE-2011-5058 | 1 3ssoftware | 1 Codesys | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request.
|
|||||
| CVE-2012-0827 | 1 Drupal | 1 Drupal | 2025-04-11 | 3.5 LOW | N/A |
|
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors.
|
|||||
| CVE-2013-0969 | 1 Apple | 1 Mac Os X | 2025-04-11 | 4.9 MEDIUM | N/A |
|
Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard.
|
|||||
| CVE-2012-4593 | 1 Mcafee | 2 Application Control, Change Control | 2025-04-11 | 5.0 MEDIUM | N/A |
|
McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command.
|
|||||
| CVE-2013-3175 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2025-04-11 | 10.0 HIGH | N/A |
|
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a malformed asynchronous RPC request, aka "Remote Procedure Call Vulnerability."
|
|||||