Total
5241 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-6289 | 2 Daniel Lienert, Michael Knoll | 2 Yet Another Gallery, Tools For Extbase Developmen | 2025-04-12 | 7.5 HIGH | N/A |
| The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors. | |||||
| CVE-2014-3350 | 1 Cisco | 1 Cloud Portal | 2025-04-12 | 4.0 MEDIUM | N/A |
| Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870. | |||||
| CVE-2012-3292 | 1 Globus | 1 Globus Toolkit | 2025-04-11 | 7.6 HIGH | N/A |
| The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file. | |||||
| CVE-2013-2081 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.3 MEDIUM | N/A |
| Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data. | |||||
| CVE-2013-2874 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-04-11 | 4.3 MEDIUM | N/A |
| Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures. | |||||
| CVE-2010-0511 | 1 Apple | 1 Mac Os X Server | 2025-04-11 | 5.0 MEDIUM | N/A |
| Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the access restrictions of a Podcast Composer workflow when this workflow is overwritten, which allows attackers to access a workflow via unspecified vectors. | |||||
| CVE-2013-3543 | 1 Axis | 1 Media Control Activex Control | 2025-04-11 | 8.8 HIGH | N/A |
| The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods. | |||||
| CVE-2012-2121 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.9 MEDIUM | N/A |
| The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices. | |||||
| CVE-2013-5965 | 2 Adcisolutions, Drupal | 2 Node View Permissions, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing. | |||||
| CVE-2010-5144 | 1 Websense | 3 Websense, Websense Web Filter, Websense Web Security | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header. | |||||
| CVE-2010-1140 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2025-04-11 | 6.9 MEDIUM | N/A |
| The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk. | |||||
| CVE-2013-3519 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | 7.9 HIGH | N/A |
| lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest OS privileges via an application that performs a crafted memory allocation. | |||||
| CVE-2012-1451 | 2 Emsisoft, Ikarus | 2 Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner | 2025-04-11 | 4.3 MEDIUM | N/A |
| The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved2 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2013-4200 | 1 Plone | 1 Plone | 2025-04-11 | 5.8 MEDIUM | N/A |
| The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login. | |||||
| CVE-2011-0411 | 1 Postfix | 1 Postfix | 2025-04-11 | 6.8 MEDIUM | N/A |
| The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack. | |||||
| CVE-2012-0299 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 10.0 HIGH | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. | |||||
| CVE-2012-5469 | 2 Phpmyadmin, Wordpress | 2 Phpmyadmin, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
| The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod. | |||||
| CVE-2010-1116 | 1 Aspindir | 1 Lookmer Muzik Portal | 2025-04-11 | 5.0 MEDIUM | N/A |
| LookMer Music Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for dbmdb/LookMerSarkiMDB.mdb. | |||||
| CVE-2013-4672 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2025-04-11 | 7.2 HIGH | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command. | |||||
| CVE-2006-7242 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||