Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0346 | 1 Apache | 1 Tomcat | 2025-04-11 | 2.1 LOW | N/A |
| Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information." | |||||
| CVE-2013-6708 | 1 Cisco | 1 Cloud Portal | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. | |||||
| CVE-2013-3080 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | 9.0 HIGH | N/A |
| VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access. | |||||
| CVE-2012-3453 | 1 Debian | 1 Logol | 2025-04-11 | 3.6 LOW | N/A |
| logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files. | |||||
| CVE-2010-0306 | 1 Kvm Qumranet | 1 Kvm | 2025-04-11 | 4.1 MEDIUM | N/A |
| The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298. | |||||
| CVE-2010-2685 | 1 Customerparadigm | 1 Pagedirector Cms | 2025-04-11 | 7.5 HIGH | N/A |
| siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not properly restrict access, which allows remote attackers to bypass intended restrictions and add administrative users via a direct request. | |||||
| CVE-2010-2029 | 1 Cybozu | 2 Cybozu Dotsales, Cybozu Office | 2025-04-11 | 5.8 MEDIUM | N/A |
| Cybozu Office 7 Ktai and Dotsales do not properly restrict access to the login page, which allows remote attackers to bypass authentication and obtain or modify sensitive information by using the unique ID of the user's cell phone. | |||||
| CVE-2013-5190 | 1 Apple | 1 Mac Os X | 2025-04-11 | 4.3 MEDIUM | N/A |
| Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by interfering with the revocation-check procedure. | |||||
| CVE-2012-1437 | 1 Comodo | 1 Comodo Antivirus | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Microsoft Office file parser in Comodo Antivirus 7425 allows remote attackers to bypass malware detection via an Office file with a \50\4B\53\70\58 character sequence at a certain location. | |||||
| CVE-2009-4912 | 1 Cisco | 1 Asa 5580 | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876. | |||||
| CVE-2012-2722 | 2 Drupal, Scott Reynen | 2 Drupal, Node Embed | 2025-04-11 | 4.3 MEDIUM | N/A |
| The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles. | |||||
| CVE-2013-0685 | 1 Invensys | 1 Wonderware Information Server | 2025-04-11 | 9.3 HIGH | N/A |
| Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors. | |||||
| CVE-2012-3728 | 1 Apple | 1 Iphone Os | 2025-04-11 | 6.9 MEDIUM | N/A |
| The kernel in Apple iOS before 6 dereferences invalid pointers during the handling of packet-filter data structures, which allows local users to gain privileges via a crafted program that makes packet-filter ioctl calls. | |||||
| CVE-2012-0827 | 1 Drupal | 1 Drupal | 2025-04-11 | 3.5 LOW | N/A |
| The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors. | |||||
| CVE-2012-0179 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-11 | 7.2 HIGH | N/A |
| Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability." | |||||
| CVE-2013-3978 | 1 Ibm | 1 Sametime | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not send the appropriate HTTP response headers to prevent unwanted caching by a web browser, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
| CVE-2011-1496 | 1 Nicholas Marriott | 1 Tmux | 2025-04-11 | 4.6 MEDIUM | N/A |
| tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option. | |||||
| CVE-2012-1011 | 2 Likno, Wordpress | 2 Allwebmenus Plugin, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
| actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a ZIP file containing a PHP file, then accessing it via a direct request to the file in an unspecified directory. | |||||
| CVE-2012-3478 | 1 Pizzashack | 1 Rssh | 2025-04-11 | 2.1 LOW | N/A |
| rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. | |||||
| CVE-2011-0532 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Directory Server | 2025-04-11 | 6.2 MEDIUM | N/A |
| The (1) backup and restore scripts, (2) main initialization script, and (3) ldap-agent script in 389 Directory Server 1.2.x (aka Red Hat Directory Server 8.2.x) place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. | |||||