Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5691 | 1 Freebsd | 1 Freebsd | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application.
|
|||||
| CVE-2013-4404 | 1 Redhat | 1 Enterprise Mrg | 2025-04-11 | 6.5 MEDIUM | N/A |
|
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors.
|
|||||
| CVE-2013-0348 | 5 Acme, Fedoraproject, Gentoo and 2 more | 5 Thttpd, Fedora, Linux and 2 more | 2025-04-11 | 2.1 LOW | N/A |
|
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
|
|||||
| CVE-2012-0701 | 1 Ibm | 2 Infosphere Datastage, Infosphere Information Server | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The client applications in the DataStage Administrator client in InfoSphere DataStage in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 rely on client-side access control, which allows remote authenticated users to gain privileges via unspecified vectors.
|
|||||
| CVE-2013-2104 | 1 Openstack | 1 Python-keystoneclient | 2025-04-11 | 5.5 MEDIUM | N/A |
|
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after it has expired, or (2) use a revoked token once it expires.
|
|||||
| CVE-2012-2153 | 1 Drupal | 1 Drupal | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page.
|
|||||
| CVE-2013-4878 | 2 Linux, Parallels | 3 Linux Kernel, Parallels Plesk Panel, Parallels Small Business Panel | 2025-04-11 | 7.5 HIGH | N/A |
|
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.
|
|||||
| CVE-2012-4431 | 1 Apache | 1 Tomcat | 2025-04-11 | 4.3 MEDIUM | N/A |
|
org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
|
|||||
| CVE-2012-3317 | 1 Ibm | 1 Websphere Message Broker | 2025-04-11 | 6.9 MEDIUM | N/A |
|
IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300.
|
|||||
| CVE-2013-4216 | 1 Intel | 1 Wimax Network Service | 2025-04-11 | 2.1 LOW | N/A |
|
The Trace_OpenLogFile function in InfraStack/OSDependent/Linux/InfraStackModules/TraceModule/TraceModule.c in the Trace module in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices uses world-writable permissions for wimaxd.log, which allows local users to cause a denial of service (data corruption) by modifying this file.
|
|||||
| CVE-2013-3107 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | 4.3 MEDIUM | N/A |
|
VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password.
|
|||||
| CVE-2013-4015 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 6.9 MEDIUM | N/A |
|
Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code.
|
|||||
| CVE-2014-1476 | 1 Drupal | 1 Drupal | 2025-04-11 | 4.0 MEDIUM | N/A |
|
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page.
|
|||||
| CVE-2010-4582 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
|
|||||
| CVE-2012-2566 | 1 Bloxx | 1 Web Filtering | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted header.
|
|||||
| CVE-2013-2133 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2025-04-11 | 5.5 MEDIUM | N/A |
|
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
|
|||||
| CVE-2012-3698 | 1 Apple | 1 Xcode | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool.
|
|||||
| CVE-2012-4069 | 1 Dir2web | 1 Dir2web | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.
|
|||||
| CVE-2008-7297 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.8 MEDIUM | N/A |
|
Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue.
|
|||||
| CVE-2012-3866 | 2 Puppet, Puppetlabs | 3 Puppet, Puppet Enterprise, Puppet | 2025-04-11 | 2.1 LOW | N/A |
|
lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.
|
|||||
| CVE-2012-5897 | 1 Quest | 1 Intrust | 2025-04-11 | 9.3 HIGH | N/A |
|
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
|
|||||
| CVE-2013-5724 | 1 Debian | 1 Phpbb3 | 2025-04-11 | 2.1 LOW | N/A |
|
Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations.
|
|||||
| CVE-2013-4650 | 1 Mongodb | 1 Mongodb | 2025-04-11 | 6.5 MEDIUM | N/A |
|
MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database.
|
|||||
| CVE-2012-4417 | 1 Gluster | 1 Glusterfs | 2025-04-11 | 3.6 LOW | N/A |
|
GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
|
|||||
| CVE-2012-0427 | 1 Opensuse | 1 Opensuse | 2025-04-11 | 7.2 HIGH | N/A |
|
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.
|
|||||
| CVE-2011-1974 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2025-04-11 | 7.2 HIGH | N/A |
|
NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
|
|||||
| CVE-2013-4067 | 1 Ibm | 1 Infosphere Information Server | 2025-04-11 | 5.8 MEDIUM | N/A |
|
IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to hijack sessions and read cookie values, or conduct phishing attacks to capture credentials, via unspecified vectors.
|
|||||
| CVE-2010-2968 | 1 Windriver | 1 Vxworks | 2025-04-11 | 7.8 HIGH | N/A |
|
The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.
|
|||||
| CVE-2013-5548 | 1 Cisco | 1 Ios | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
|
|||||
| CVE-2012-2957 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 7.2 HIGH | N/A |
|
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue.
|
|||||
| CVE-2011-2139 | 6 Adobe, Apple, Google and 3 more | 7 Adobe Air, Flash Player, Mac Os X and 4 more | 2025-04-11 | 6.4 MEDIUM | N/A |
|
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2012-3453 | 1 Debian | 1 Logol | 2025-04-11 | 3.6 LOW | N/A |
|
logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files.
|
|||||
| CVE-2011-4127 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Server | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.
|
|||||
| CVE-2013-6400 | 1 Xen | 1 Xen | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to not be flushed and allows local guest administrators to cause a denial of service (host crash) or gain privileges via unspecified vectors.
|
|||||
| CVE-2012-1515 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | 8.3 HIGH | N/A |
|
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.
|
|||||
| CVE-2011-2495 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
|
fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password.
|
|||||
| CVE-2012-1436 | 5 Ahnlab, Aladdin, Emsisoft and 2 more | 5 V3 Internet Security, Esafe, Anti-malware and 2 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implem ...
Show More |
|||||
| CVE-2012-3973 | 1 Mozilla | 1 Firefox | 2025-04-11 | 7.6 HIGH | N/A |
|
The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port.
|
|||||
| CVE-2012-1611 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a duplicate of CVE-2012-1599.
|
|||||
| CVE-2012-2058 | 2 Drupal, Paypal | 2 Drupal, Ubercart Payflow | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Ubercart Payflow module for Drupal does not use a secure token, which allows remote attackers to forge payments via unspecified vectors.
|
|||||