Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1907 | 2 Acquia, Drupal | 3 Commons, Commons Group, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Commons Group module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | |||||
| CVE-2013-0151 | 1 Xen | 1 Xen | 2025-04-11 | 4.6 MEDIUM | N/A |
| The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs. | |||||
| CVE-2013-3985 | 1 Ibm | 1 Lotus Sametime | 2025-04-11 | 2.9 LOW | N/A |
| The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable. | |||||
| CVE-2011-3416 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 8.5 HIGH | N/A |
| The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability." | |||||
| CVE-2013-1959 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 3.7 LOW | N/A |
| kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process. | |||||
| CVE-2012-3738 | 1 Apple | 1 Iphone Os | 2025-04-11 | 3.6 LOW | N/A |
| The Emergency Dialer screen in the Passcode Lock implementation in Apple iOS before 6 does not properly limit the dialing methods, which allows physically proximate attackers to bypass intended access restrictions and make FaceTime calls through Voice Dialing, or obtain sensitive contact information by attempting to make a FaceTime call and reading the contact suggestions. | |||||
| CVE-2012-1446 | 13 Aladdin, Antiy, Ca and 10 more | 14 Esafe, Avl Sdk, Etrust Vet Antivirus and 11 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee Anti-Virus Scanning Engine 5.400.0.1158, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Norman Antivirus 6.06.12, eSafe 7.0.17.0, Kaspersky Anti-Virus 7.0.0.125, McAfee Gateway (formerly Webwasher) 2010.1C, Sophos Anti-Virus 4.61.0, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified encoding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
| CVE-2010-1575 | 1 Cisco | 1 Content Services Switch 11500 | 2025-04-11 | 7.5 HIGH | N/A |
| The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690. | |||||
| CVE-2013-4604 | 1 Fortinet | 1 Fortios | 2025-04-11 | 6.5 MEDIUM | N/A |
| Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role. | |||||
| CVE-2011-2471 | 1 Maynard Johnson | 1 Oprofile | 2025-04-11 | 7.2 HIGH | N/A |
| utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760. | |||||
| CVE-2013-3062 | 1 Sap | 1 Production Planning And Control | 2025-04-11 | 6.5 MEDIUM | N/A |
| The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. | |||||
| CVE-2011-0321 | 1 Emc | 1 Networker | 2025-04-11 | 6.4 MEDIUM | N/A |
| librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before 7.5.3.5, and 7.6.x before 7.6.1.2 does not properly mitigate the possibility of a spoofed localhost source IP address, which allows remote attackers to (1) register or (2) unregister RPC services, and consequently cause a denial of service or obtain sensitive information from interprocess communication, via crafted UDP packets containing service commands. | |||||
| CVE-2013-1958 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 1.9 LOW | N/A |
| The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created. | |||||
| CVE-2008-7251 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 10.0 HIGH | N/A |
| libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. | |||||
| CVE-2011-2201 | 2 Mark Stosberg, Perl | 2 Data\, Perl | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input. | |||||
| CVE-2013-4633 | 1 Huawei | 1 Seco Versatile Security Manager | 2025-04-11 | 9.0 HIGH | N/A |
| Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. | |||||
| CVE-2011-5057 | 1 Apache | 1 Struts | 2025-04-11 | 5.0 MEDIUM | N/A |
| Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attackers to modify run-time data values via a crafted parameter to an application that implements an affected interface, as demonstrated by the SessionAware, RequestAware, ApplicationAware, ServletRequestAware, ServletResponseAware, and ParameterAware interfaces. NOTE: the vendor disputes the significance of this report because of an "easy work-around in existing apps by configuring the interceptor." | |||||
| CVE-2004-2769 | 1 Cerberusftp | 1 Ftp Server | 2025-04-11 | 4.0 MEDIUM | N/A |
| Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands. | |||||
| CVE-2013-5521 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287. | |||||
| CVE-2013-5178 | 1 Apple | 1 Mac Os X | 2025-04-11 | 5.0 MEDIUM | N/A |
| LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. | |||||