Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2362 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 do not distinguish between cookies for two domain names that differ only in a trailing dot, which allows remote web servers to bypass the Same Origin Policy via Set-Cookie headers. | |||||
| CVE-2013-1768 | 1 Apache | 1 Openjpa | 2025-04-11 | 7.5 HIGH | N/A |
| The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs. | |||||
| CVE-2011-4509 | 1 Siemens | 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more | 2025-04-11 | 10.0 HIGH | N/A |
| The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests. | |||||
| CVE-2013-4034 | 1 Ibm | 1 Cognos Business Intelligence | 2025-04-11 | 4.0 MEDIUM | N/A |
| IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-5538 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506. | |||||
| CVE-2012-4550 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | 6.4 MEDIUM | N/A |
| JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB. | |||||
| CVE-2012-5543 | 2 Drupal, Feeds Project | 2 Drupal, Feeds | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes via a crafted source feed. | |||||
| CVE-2013-1766 | 1 Redhat | 1 Libvirt | 2025-04-11 | 3.6 LOW | N/A |
| libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. | |||||
| CVE-2012-3317 | 1 Ibm | 1 Websphere Message Broker | 2025-04-11 | 6.9 MEDIUM | N/A |
| IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, and 8.0 before 8.0.0.2 has incorrect ownership of certain uninstaller Java Runtime Environment (JRE) files, which might allow local users to gain privileges by leveraging access to uid 501 or gid 300. | |||||
| CVE-2013-1061 | 2 Canonical, Marc Deslauriers | 2 Ubuntu Linux, Software-properties | 2025-04-11 | 4.6 MEDIUM | N/A |
| dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | |||||
| CVE-2011-5060 | 1 Roderich Schupp | 1 Par-packer Module | 2025-04-11 | 3.3 LOW | N/A |
| The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114. | |||||
| CVE-2013-5148 | 1 Apple | 1 Keynote | 2025-04-11 | 7.2 HIGH | N/A |
| Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation. | |||||
| CVE-2011-4110 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
| The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a user-defined key and "updating a negative key into a fully instantiated key." | |||||
| CVE-2011-4296 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
| lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role. | |||||
| CVE-2010-1626 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-11 | 3.6 LOW | N/A |
| MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | |||||
| CVE-2011-4945 | 1 Michael Biebl | 1 Policykit | 2025-04-11 | 6.9 MEDIUM | N/A |
| PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication. | |||||
| CVE-2013-3370 | 1 Bestpractical | 1 Rt | 2025-04-11 | 6.8 MEDIUM | N/A |
| Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request. | |||||
| CVE-2011-4682 | 1 Opera | 1 Opera Browser | 2025-04-11 | 6.4 MEDIUM | N/A |
| The JavaScript engine in Opera before 11.60 does not properly implement the in operator, which allows remote attackers to bypass the Same Origin Policy via vectors related to variables on different web sites. | |||||
| CVE-2012-0946 | 1 Nvidia | 1 Unix Driver | 2025-04-11 | 4.6 MEDIUM | N/A |
| The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. | |||||
| CVE-2010-0575 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034. | |||||