Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6657 | 1 Google | 1 Chrome | 2025-04-11 | 6.4 MEDIUM | N/A |
|
core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2012-2267 | 1 Realnetworks | 2 Helix Mobile Server, Helix Server | 2025-04-11 | 5.0 MEDIUM | N/A |
|
master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (daemon crash) by establishing and closing a port-705 TCP connection, a different vulnerability than CVE-2012-1923.
|
|||||
| CVE-2012-2770 | 2 Bestpractical, Mike Peachey | 2 Rt, Authen\ | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Authen::ExternalAuth extension before 0.11 for Best Practical Solutions RT allows remote attackers to obtain a logged-in session via unspecified vectors related to the "URL of a RSS feed of the user."
|
|||||
| CVE-2013-4291 | 1 Redhat | 1 Libvirt | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges.
|
|||||
| CVE-2011-1784 | 1 Keepalived | 1 Keepalived | 2025-04-11 | 3.6 LOW | N/A |
|
The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files.
|
|||||
| CVE-2013-5159 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.3 MEDIUM | N/A |
|
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAME element.
|
|||||
| CVE-2012-0184 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
|
Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability."
|
|||||
| CVE-2011-5093 | 1 Bestpractical | 1 Rt | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092.
|
|||||
| CVE-2011-4213 | 1 Google | 1 App Engine Python Sdk | 2025-04-11 | 7.2 HIGH | N/A |
|
The sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly prevent use of the os module, which allows local users to bypass intended access restrictions and execute arbitrary commands via a file_blob_storage.os reference within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364.
|
|||||
| CVE-2009-4874 | 1 Scripts.oldguy | 1 Talkback | 2025-04-11 | 6.4 MEDIUM | N/A |
|
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments.
|
|||||
| CVE-2012-0064 | 2 X, Xkeyboard Config Project | 2 X.org X11, Xkeyboard-config | 2025-04-11 | 4.6 MEDIUM | N/A |
|
xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab.
|
|||||
| CVE-2013-3506 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | 7.5 HIGH | N/A |
|
cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality.
|
|||||
| CVE-2014-0031 | 1 Apache | 1 Cloudstack | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.
|
|||||
| CVE-2011-2367 | 1 Mozilla | 1 Firefox | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors.
|
|||||
| CVE-2011-4220 | 1 Investintech | 1 Slimpdf Reader | 2025-04-11 | 9.3 HIGH | N/A |
|
Investintech.com SlimPDF Reader does not properly restrict the arguments to unspecified function calls, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.
|
|||||
| CVE-2012-0057 | 1 Php | 1 Php | 2025-04-11 | 6.4 MEDIUM | N/A |
|
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
|
|||||
| CVE-2011-1056 | 2 Metasploit, Microsoft | 2 Metasploit Framework, Windows | 2025-04-11 | 6.2 MEDIUM | N/A |
|
The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse.
|
|||||
| CVE-2012-3370 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
|
|||||
| CVE-2013-6798 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2025-04-11 | 5.8 MEDIUM | N/A |
|
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694.
|
|||||
| CVE-2012-2289 | 1 Emc | 2 Applicationxtender Desktop, Applicationxtender Web Access .net | 2025-04-11 | 7.5 HIGH | N/A |
|
EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors.
|
|||||
| CVE-2013-5972 | 1 Vmware | 2 Player, Workstation | 2025-04-11 | 7.2 HIGH | N/A |
|
VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.
|
|||||
| CVE-2013-4200 | 1 Plone | 1 Plone | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.
|
|||||
| CVE-2011-3129 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 9.3 HIGH | N/A |
|
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
|
|||||
| CVE-2012-3454 | 1 Extplorer | 1 Extplorer | 2025-04-11 | 3.6 LOW | N/A |
|
eXtplorer 2.1.0b6 uses world writable permissions for the /var/lib/extplorer/ftp_tmp directory, which allows local users to delete or overwrite arbitrary files.
|
|||||
| CVE-2012-0322 | 2 Estrongs, Google | 2 Es File Explorer, Android | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function.
|
|||||
| CVE-2014-0667 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 6.3 MEDIUM | N/A |
|
The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169.
|
|||||
| CVE-2011-2018 | 1 Microsoft | 4 Windows 7, Windows Server 2003, Windows Server 2008 and 1 more | 2025-04-11 | 7.2 HIGH | N/A |
|
The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
|
|||||
| CVE-2011-4681 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Opera before 11.60 does not properly consider the number of . (dot) characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as demonstrated by the .no or .uk domain.
|
|||||
| CVE-2011-2729 | 2 Apache, Linux | 3 Apache Commons Daemon, Tomcat, Linux Kernel | 2025-04-11 | 5.0 MEDIUM | N/A |
|
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.
|
|||||
| CVE-2009-5115 | 1 Mcafee | 1 Common Management Agent | 2025-04-11 | 6.5 MEDIUM | N/A |
|
McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object.
|
|||||
| CVE-2013-0276 | 1 Rubyonrails | 1 Rails | 2025-04-11 | 4.3 MEDIUM | N/A |
|
ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request.
|
|||||
| CVE-2011-1500 | 1 Kevinmehall | 1 Pithos | 2025-04-11 | 2.1 LOW | N/A |
|
PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict permissions for the .config/pithos.ini file in a user's home directory, which allows local users to obtain Pandora credentials by reading this file.
|
|||||
| CVE-2010-5078 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 5.0 MEDIUM | N/A |
|
SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain version information via a direct request to (1) apphire/silverstripe_version or (2) cms/silverstripe_version.
|
|||||
| CVE-2012-5482 | 1 Openstack | 3 Essex, Folsom, Image Registry And Delivery Service \(glance\) | 2025-04-11 | 5.5 MEDIUM | N/A |
|
The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573.
|
|||||
| CVE-2012-5217 | 1 Hp | 1 System Management Homepage | 2025-04-11 | 5.0 MEDIUM | N/A |
|
HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2355.
|
|||||
| CVE-2011-1311 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 6.0 MEDIUM | N/A |
|
The Security component in IBM WebSphere Application Server (WAS) before 7.0.0.15, when a J2EE 1.4 application is used, determines the security role mapping on the basis of the ibm-application-bnd.xml file instead of the intended ibm-application-bnd.xmi file, which might allow remote authenticated users to gain privileges in opportunistic circumstances by requesting a service.
|
|||||
| CVE-2009-4799 | 1 Diskos | 1 Diskos Cms | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb.
|
|||||
| CVE-2010-2764 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests.
|
|||||
| CVE-2013-0685 | 1 Invensys | 1 Wonderware Information Server | 2025-04-11 | 9.3 HIGH | N/A |
|
Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors.
|
|||||
| CVE-2010-3983 | 1 Sap | 1 Businessobjects | 2025-04-11 | 9.0 HIGH | N/A |
|
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
|
|||||