Total
5265 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3292 | 1 Globus | 1 Globus Toolkit | 2026-04-29 | 7.6 HIGH | N/A |
| The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file. | |||||
| CVE-2013-2081 | 1 Moodle | 1 Moodle | 2026-04-29 | 4.3 MEDIUM | N/A |
| Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data. | |||||
| CVE-2010-0511 | 1 Apple | 1 Mac Os X Server | 2026-04-29 | 5.0 MEDIUM | N/A |
| Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors. | |||||
| CVE-2012-2121 | 1 Linux | 1 Linux Kernel | 2026-04-29 | 4.9 MEDIUM | N/A |
| The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices. | |||||
| CVE-2010-5144 | 1 Websense | 3 Websense, Websense Web Filter, Websense Web Security | 2026-04-29 | 4.3 MEDIUM | N/A |
| The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header. | |||||
| CVE-2010-1140 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2026-04-29 | 6.9 MEDIUM | N/A |
| The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk. | |||||
| CVE-2012-1451 | 2 Emsisoft, Ikarus | 2 Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner | 2026-04-29 | 4.3 MEDIUM | N/A |
| The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved2 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2011-0411 | 1 Postfix | 1 Postfix | 2026-04-29 | 6.8 MEDIUM | N/A |
| The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. | |||||
| CVE-2012-0299 | 1 Symantec | 1 Web Gateway | 2026-04-29 | 10.0 HIGH | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. | |||||
| CVE-2012-5469 | 2 Phpmyadmin, Wordpress | 2 Phpmyadmin, Wordpress | 2026-04-29 | 7.5 HIGH | N/A |
| The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. | |||||
| CVE-2010-1116 | 1 Aspindir | 1 Lookmer Muzik Portal | 2026-04-29 | 5.0 MEDIUM | N/A |
| LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb. | |||||
| CVE-2006-7242 | 1 Ibm | 1 Filenet P8 Application Engine | 2026-04-29 | 4.0 MEDIUM | N/A |
| The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2010-4689 | 1 Cisco | 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 | 2026-04-29 | 7.8 HIGH | N/A |
| Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.3(2) do not properly preserve ACL behavior after a migration, which allows remote attackers to bypass intended access restrictions via an unspecified type of network traffic that had previously been denied, aka Bug ID CSCte46460. | |||||
| CVE-2011-2527 | 1 Qemu | 1 Qemu | 2026-04-29 | 2.1 LOW | N/A |
| The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host. | |||||
| CVE-2010-0299 | 1 Opensuse | 1 Opensuse | 2026-04-29 | 4.6 MEDIUM | N/A |
| openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2012-4566 | 1 Uninett | 1 Radsecproxy | 2026-04-29 | 6.4 MEDIUM | N/A |
| The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523. | |||||
| CVE-2012-1828 | 1 Efstechnology | 1 Autoform Pdm Archive | 2026-04-29 | 6.5 MEDIUM | N/A |
| The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function. | |||||
| CVE-2011-2368 | 1 Mozilla | 1 Firefox | 2026-04-29 | 10.0 HIGH | N/A |
| The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2012-4903 | 1 Google | 2 Android, Chrome | 2026-04-29 | 5.0 MEDIUM | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. | |||||
| CVE-2012-1241 | 1 Artonx.org | 1 Activescriptruby | 2026-04-29 | 7.5 HIGH | N/A |
| GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document. | |||||