Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2337 | 1 Todd Miller | 1 Sudo | 2025-04-11 | 7.2 HIGH | N/A |
| sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. | |||||
| CVE-2010-3898 | 1 Ibm | 1 Omnifind | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict the cookie path of administrator (aka ESAdmin) cookies, which might allow remote attackers to bypass authentication by leveraging access to other pages on the web site. | |||||
| CVE-2012-2010 | 1 Hp | 1 Openvms | 2025-04-11 | 6.9 MEDIUM | N/A |
| The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha platform, and 8.3, 8.3-1H1, and 8.4 on the Itanium platform, when the SYS$ACM system service is enabled, allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2013-4707 | 1 Dlink | 2 Des-3810, Des-3810 Firmware | 2025-04-11 | 6.3 MEDIUM | N/A |
| The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access. | |||||
| CVE-2010-4340 | 1 Apache | 1 Libcloud | 2025-04-11 | 4.3 MEDIUM | N/A |
| libcloud before 0.4.1 does not verify SSL certificates for HTTPS connections, which allows remote attackers to spoof certificates and bypass intended access restrictions via a man-in-the-middle (MITM) attack. | |||||
| CVE-2012-3321 | 1 Ibm | 1 Smartcloud Control Desk | 2025-04-11 | 6.5 MEDIUM | N/A |
| IBM SmartCloud Control Desk 7.5 allows remote authenticated users to bypass intended access restrictions via vectors involving an expired password. | |||||
| CVE-2010-1130 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot). | |||||
| CVE-2013-1182 | 1 Cisco | 6 Unified Computing System 6120xp Fabric Interconnect, Unified Computing System 6140xp Fabric Interconnect, Unified Computing System 6248up Fabric Interconnect and 3 more | 2025-04-11 | 9.3 HIGH | N/A |
| The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207. | |||||
| CVE-2013-6436 | 1 Redhat | 1 Libvirt | 2025-04-11 | 2.1 LOW | N/A |
| The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt 1.0.5 through 1.2.0 does not properly check the status of LXC guests when reading memory tunables, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) via a guest in the shutdown status, as demonstrated by the "virsh memtune" command. | |||||
| CVE-2012-1649 | 2 Danielb, Drupal | 2 Cool Aid, Drupal | 2025-04-11 | 4.9 MEDIUM | N/A |
| Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors. | |||||
| CVE-2012-1598 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors related to "insufficient randomness" and a "password reset vulnerability." | |||||
| CVE-2012-1450 | 3 Emsisoft, Ikarus, Sophos | 3 Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner, Sophos Anti-virus | 2025-04-11 | 4.3 MEDIUM | N/A |
| The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Virus 4.61.0, and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved3 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2013-2246 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time. | |||||
| CVE-2013-3601 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | 6.0 MEDIUM | N/A |
| Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter. | |||||
| CVE-2014-0031 | 1 Apache | 1 Cloudstack | 2025-04-11 | 4.0 MEDIUM | N/A |
| The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. | |||||
| CVE-2012-2292 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2025-04-11 | 7.5 HIGH | N/A |
| The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2011-4865 | 2 Google, Tencent | 3 Android, Microblogpad, Wblog | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application. | |||||
| CVE-2013-3055 | 1 Lexmark | 1 Markvision | 2025-04-11 | 9.3 HIGH | N/A |
| Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors. | |||||
| CVE-2009-4799 | 1 Diskos | 1 Diskos Cms | 2025-04-11 | 5.0 MEDIUM | N/A |
| Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb. | |||||
| CVE-2009-5115 | 1 Mcafee | 1 Common Management Agent | 2025-04-11 | 6.5 MEDIUM | N/A |
| McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 through 3.6.0.608, and McAfee Agent 4.0 before Patch 3, allows remote authenticated users to overwrite arbitrary files by accessing a report-writing ActiveX control COM object. | |||||