Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1031 | 1 Apple | 1 Mac Os X | 2025-04-11 | 3.3 LOW | N/A |
|
Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver.
|
|||||
| CVE-2013-0151 | 1 Xen | 1 Xen | 2025-04-11 | 4.6 MEDIUM | N/A |
|
The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.
|
|||||
| CVE-2011-2547 | 1 Cisco | 4 Sa500 Software, Sa520, Sa520w and 1 more | 2025-04-11 | 9.0 HIGH | N/A |
|
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681.
|
|||||
| CVE-2011-5057 | 1 Apache | 1 Struts | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance ...
Show More |
|||||
| CVE-2013-4401 | 1 Redhat | 1 Libvirt | 2025-04-11 | 8.5 HIGH | N/A |
|
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-7301 | 1 Craig Drummond | 1 Cantata | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.
|
|||||
| CVE-2010-0230 | 1 Suse | 2 Opensuse, Suse Linux | 2025-04-11 | 7.5 HIGH | N/A |
|
SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
|
|||||
| CVE-2013-2200 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.0 MEDIUM | N/A |
|
WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors.
|
|||||
| CVE-2013-5975 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
|
|||||
| CVE-2012-5385 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-11 | 7.5 HIGH | N/A |
|
install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference.
|
|||||
| CVE-2013-4445 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2025-04-11 | 4.9 MEDIUM | N/A |
|
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access.
|
|||||
| CVE-2011-4701 | 2 Android, Hatena | 2 Android, Callconfirm | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted application.
|
|||||
| CVE-2010-2929 | 1 Pharscape | 1 Hsolink | 2025-04-11 | 7.2 HIGH | N/A |
|
Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the (1) route, (2) mv, and (3) cp programs, a different vulnerability than CVE-2010-1671.
|
|||||
| CVE-2013-4733 | 2 Digital Alert Systems, Monroe Electronics | 2 Dasdec Eas, R189 One-net Eas | 2025-04-11 | 7.8 HIGH | N/A |
|
The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files.
|
|||||
| CVE-2012-3385 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
|
WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors.
|
|||||
| CVE-2012-2994 | 1 Cososys | 1 Endpoint Protector Appliace 4 | 2025-04-11 | 7.5 HIGH | N/A |
|
The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack.
|
|||||
| CVE-2012-1828 | 1 Efstechnology | 1 Autoform Pdm Archive | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function.
|
|||||
| CVE-2011-0539 | 1 Openbsd | 1 Openssh | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
|
|||||
| CVE-2012-5918 | 1 Razorcms | 1 Razorcms | 2025-04-11 | 4.0 MEDIUM | N/A |
|
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.
|
|||||
| CVE-2009-4820 | 1 Aspindir | 1 Angelo-emlak | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb.
|
|||||
| CVE-2012-4464 | 1 Ruby-lang | 1 Ruby | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the (1) exc_to_s or (2) name_err_to_s API function, which marks the string as tainted, a different vulnerability than CVE-2012-4466. NOTE: this issue might exist because of a CVE-2011-1005 regression.
|
|||||
| CVE-2013-3601 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | 6.0 MEDIUM | N/A |
|
Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter.
|
|||||
| CVE-2012-4035 | 1 Pbboard | 1 Pbboard | 2025-04-11 | 7.5 HIGH | N/A |
|
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
|
|||||
| CVE-2011-1376 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.6 MEDIUM | N/A |
|
iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.
|
|||||
| CVE-2013-6823 | 1 Sap | 1 Netweaver | 2025-04-11 | 6.4 MEDIUM | N/A |
|
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
|
|||||
| CVE-2010-1975 | 1 Postgresql | 1 Postgresql | 2025-04-11 | 5.5 MEDIUM | N/A |
|
PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, and 8.4 before 8.4.4 does not properly check privileges during certain RESET ALL operations, which allows remote authenticated users to remove arbitrary parameter settings via a (1) ALTER USER or (2) ALTER DATABASE statement.
|
|||||
| CVE-2012-5299 | 1 Mavili Guestbook Project | 1 Mavili Guestbook | 2025-04-11 | 7.5 HIGH | N/A |
|
Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp.
|
|||||
| CVE-2010-0218 | 1 Isc | 1 Bind | 2025-04-11 | 5.0 MEDIUM | N/A |
|
ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query.
|
|||||
| CVE-2012-4498 | 2 Drupal, Morbus Iff | 2 Drupal, Activism | 2025-04-11 | 7.5 HIGH | N/A |
|
The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly have other unspecified impact.
|
|||||
| CVE-2012-5218 | 1 Hp | 1 Elitepad | 2025-04-11 | 7.2 HIGH | N/A |
|
HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors.
|
|||||
| CVE-2012-4730 | 1 Bestpractical | 1 Rt | 2025-04-11 | 3.5 LOW | N/A |
|
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors.
|
|||||
| CVE-2011-0989 | 2 Mono, Novell | 2 Mono, Moonlight | 2025-04-11 | 5.8 MEDIUM | N/A |
|
The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, does not properly restrict data types, which allows remote attackers to modify internal read-only data structures, and cause a denial of service (plugin crash) or corrupt the internal state of the security manager, via a crafted media file, as demonstrated by modifying a C# struct.
|
|||||
| CVE-2012-2314 | 1 Fedoraproject | 1 Anaconda | 2025-04-11 | 2.1 LOW | N/A |
|
The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks.
|
|||||
| CVE-2013-6945 | 1 Osehra | 1 Vista | 2025-04-11 | 7.5 HIGH | N/A |
|
The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."
|
|||||
| CVE-2010-2242 | 1 Libvirt | 1 Libvirt | 2025-04-11 | 2.1 LOW | N/A |
|
Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree.
|
|||||
| CVE-2011-0290 | 3 Lotus, Microsoft, Rim | 3 Domino, Exchange Server, Blackberry Enterprise Server | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors.
|
|||||
| CVE-2012-1598 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability."
|
|||||
| CVE-2013-5489 | 1 Cisco | 1 Socialminer | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The gadget implementation in Cisco SocialMiner does not properly restrict the content of GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, aka Bug ID CSCuh74125.
|
|||||
| CVE-2010-0522 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | 9.0 HIGH | N/A |
|
Server Admin in Apple Mac OS X Server 10.5.8 does not properly determine the privileges of users who had former membership in the admin group, which allows remote authenticated users to leverage this former membership to obtain a server connection via screen sharing.
|
|||||
| CVE-2007-6735 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 7.5 HIGH | N/A |
|
NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session.
|
|||||