Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0262 | 1 Microsoft | 1 Windows 7 | 2025-04-11 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability." | |||||
| CVE-2011-5102 | 1 Websense | 4 Websense Web Filter, Websense Web Security, Websense Web Security Gateway and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
| The Investigative Reports web interface in the TRITON management console in Websense Web Security 7.1 before Hotfix 109, 7.1.1 before Hotfix 06, 7.5 before Hotfix 78, 7.5.1 before Hotfix 12, 7.6 before Hotfix 24, and 7.6.2 before Hotfix 12; Web Filter; Web Security Gateway; and Web Security Gateway Anywhere allows remote attackers to execute commands via unspecified vectors. | |||||
| CVE-2011-2584 | 1 Cisco | 1 Show And Share | 2025-04-11 | 7.5 HIGH | N/A |
| Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows remote attackers to access the (1) Encoders and Pull Configurations, (2) Push Configurations, (3) Video Encoding Formats, and (4) Transcoding administration pages, and cause a denial of service (live event outage) or obtain potentially sensitive information, via unspecified vectors, aka Bug ID CSCto73758. | |||||
| CVE-2013-5710 | 1 Freebsd | 1 Freebsd | 2025-04-11 | 3.7 LOW | N/A |
| The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance. | |||||
| CVE-2012-2720 | 2 Adam Ross, Drupal | 2 Tokenauth, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. | |||||
| CVE-2004-2767 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 4.3 MEDIUM | N/A |
| NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session. | |||||
| CVE-2012-1422 | 4 Cat, Eset, Norman and 1 more | 4 Quick Heal, Nod32 Antivirus, Norman Antivirus \& Antispyware and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial ITSF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2013-1385 | 1 Adobe | 1 Shockwave Player | 2025-04-11 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors. | |||||
| CVE-2012-2120 | 1 Debian | 1 Texlive-extra-utils | 2025-04-11 | 3.3 LOW | N/A |
| latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2012-3494 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | 2.1 LOW | N/A |
| The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. | |||||
| CVE-2013-5371 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-11 | 2.1 LOW | N/A |
| The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. | |||||
| CVE-2010-0168 | 1 Mozilla | 1 Firefox | 2025-04-11 | 7.6 HIGH | N/A |
| The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting. | |||||
| CVE-2013-1813 | 3 Busybox, Redhat, T-mobile | 3 Busybox, Enterprise Linux, Tm-ac1900 | 2025-04-11 | 7.2 HIGH | N/A |
| util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors. | |||||
| CVE-2013-2171 | 1 Freebsd | 1 Freebsd | 2025-04-11 | 6.9 MEDIUM | N/A |
| The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls. | |||||
| CVE-2012-1518 | 1 Vmware | 5 Esx, Esxi, Fusion and 2 more | 2025-04-11 | 8.3 HIGH | N/A |
| VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors. | |||||
| CVE-2012-4400 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field. | |||||
| CVE-2009-5054 | 1 Smarty | 1 Smarty | 2025-04-11 | 7.5 HIGH | N/A |
| Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations. | |||||
| CVE-2013-2997 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 1.7 LOW | N/A |
| IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | |||||
| CVE-2012-3537 | 1 Dell | 1 Crowbar | 2025-04-11 | 4.6 MEDIUM | N/A |
| The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names. | |||||
| CVE-2010-2784 | 1 Redhat | 2 Enterprise Virtualization, Kvm | 2025-04-11 | 6.6 MEDIUM | N/A |
| The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors. | |||||