Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4294 | 1 Openstack | 1 Keystone | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token.
|
|||||
| CVE-2013-4277 | 1 Apache | 1 Subversion | 2025-04-11 | 3.3 LOW | N/A |
|
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option.
|
|||||
| CVE-2013-2874 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures.
|
|||||
| CVE-2010-1912 | 1 Consona | 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance | 2025-04-11 | 9.3 HIGH | N/A |
|
The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."
|
|||||
| CVE-2010-1171 | 1 Redhat | 1 Satellite | 2025-04-11 | 5.5 MEDIUM | N/A |
|
Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels.
|
|||||
| CVE-2012-3743 | 1 Apple | 1 Iphone Os | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The System Logs implementation in Apple iOS before 6 does not restrict /var/log access by sandboxed apps, which allows remote attackers to obtain sensitive information via a crafted app that reads log files.
|
|||||
| CVE-2013-1925 | 1 Chaos Tool Suite Project | 1 Ctools | 2025-04-11 | 3.5 LOW | N/A |
|
The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.
|
|||||
| CVE-2012-6100 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
|
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report.
|
|||||
| CVE-2011-0468 | 1 Opensuse | 1 Opensuse | 2025-04-11 | 6.9 MEDIUM | N/A |
|
The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and before 11.4-54.62.1 in openSUSE 11.4, allows local users to gain privileges via shell metacharacters in a filename, related to tab expansion.
|
|||||
| CVE-2013-1110 | 1 Cisco | 1 Webex Training Center | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Cisco WebEx Training Center allow remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065.
|
|||||
| CVE-2010-4021 | 1 Mit | 1 Kerberos 5 | 2025-04-11 | 2.1 LOW | N/A |
|
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."
|
|||||
| CVE-2010-0545 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 4.4 MEDIUM | N/A |
|
The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations.
|
|||||
| CVE-2010-3304 | 1 Dovecot | 1 Dovecot | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.
|
|||||
| CVE-2011-1921 | 1 Apache | 1 Subversion | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz short_circuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to obtain sensitive information via a replay REPORT operation.
|
|||||
| CVE-2011-3257 | 1 Apple | 1 Iphone Os | 2025-04-11 | 2.1 LOW | N/A |
|
The Data Access component in Apple iOS before 5 does not properly handle the existence of multiple user accounts on the same mail server, which allows local users to bypass intended access restrictions in opportunistic circumstances by leveraging a different account's cookie.
|
|||||
| CVE-2013-1662 | 1 Vmware | 2 Player, Workstation | 2025-04-11 | 6.9 MEDIUM | N/A |
|
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.
|
|||||
| CVE-2013-1345 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2025-04-11 | 7.2 HIGH | N/A |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
|
|||||
| CVE-2010-3194 | 1 Ibm | 1 Db2 | 2025-04-11 | 7.5 HIGH | N/A |
|
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.
|
|||||
| CVE-2012-2355 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.
|
|||||
| CVE-2010-1326 | 1 March-hare | 2 Cvs Suite, Cvsnt | 2025-04-11 | 9.3 HIGH | N/A |
|
perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance.
|
|||||
| CVE-2014-0622 | 1 Emc | 1 Documentum Foundation Services | 2025-04-11 | 9.0 HIGH | N/A |
|
The web service in EMC Documentum Foundation Services (DFS) 6.5 through 6.7 before 6.7 SP1 P22, 6.7 SP2 before P08, 7.0 before P12, and 7.1 before P01 does not properly implement content uploading, which allows remote authenticated users to bypass intended content access restrictions via unspecified vectors.
|
|||||
| CVE-2012-2292 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2025-04-11 | 7.5 HIGH | N/A |
|
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
|
|||||
| CVE-2013-3405 | 1 Cisco | 1 Telepresence Tc Software | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attackers to bypass authentication by sending an arbitrary password, aka Bug ID CSCud96071.
|
|||||
| CVE-2010-0057 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 7.5 HIGH | N/A |
|
AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use of AFP shares when guest access is disabled, which allows remote attackers to bypass intended access restrictions via a mount request.
|
|||||
| CVE-2010-3895 | 1 Ibm | 1 Omnifind | 2025-04-11 | 7.2 HIGH | N/A |
|
esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument.
|
|||||
| CVE-2010-2441 | 1 Apple | 1 Webkit | 2025-04-11 | 4.3 MEDIUM | N/A |
|
WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295.
|
|||||
| CVE-2012-5557 | 2 Drupal, User Read-only Project | 2 Drupal, User Readonly | 2025-04-11 | 3.6 LOW | N/A |
|
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password.
|
|||||
| CVE-2012-0875 | 1 Systemtap | 1 Systemtap | 2025-04-11 | 5.4 MEDIUM | N/A |
|
SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic and crash) via vectors related to crafted DWARF data, which triggers a read of an invalid pointer.
|
|||||
| CVE-2012-1447 | 4 Aladdin, Drweb, Fortinet and 1 more | 4 Esafe, Dr.web Antivirus, Fortinet Antivirus and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations.
|
|||||
| CVE-2011-4288 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
|
Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.
|
|||||
| CVE-2012-4408 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
|
course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.
|
|||||
| CVE-2012-5155 | 2 Apple, Google | 2 Mac Os X, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
|
Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.
|
|||||
| CVE-2013-4633 | 1 Huawei | 1 Seco Versatile Security Manager | 2025-04-11 | 9.0 HIGH | N/A |
|
Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting.
|
|||||
| CVE-2011-5092 | 1 Bestpractical | 1 Rt | 2025-04-11 | 7.5 HIGH | N/A |
|
Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 allows remote attackers to execute arbitrary code and gain privileges via unspecified vectors, a different vulnerability than CVE-2011-4458 and CVE-2011-5093.
|
|||||
| CVE-2013-5973 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | 4.4 MEDIUM | N/A |
|
VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.
|
|||||
| CVE-2011-4300 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.
|
|||||
| CVE-2013-7042 | 1 Novell | 1 Suse Lifecycle Management Server | 2025-04-11 | 4.6 MEDIUM | N/A |
|
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2010-2532 | 1 Opensuse | 1 Opensuse | 2025-04-11 | 7.2 HIGH | N/A |
|
lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.
|
|||||
| CVE-2008-7283 | 1 Otrs | 1 Otrs | 2025-04-11 | 6.0 MEDIUM | N/A |
|
Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions.
|
|||||
| CVE-2014-0839 | 1 Ibm | 1 Rational Focal Point | 2025-04-11 | 4.0 MEDIUM | N/A |
|
IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference.
|
|||||