Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4355 | 1 Gnu | 1 Gdb | 2025-04-11 | 6.9 MEDIUM | N/A |
| GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts. | |||||
| CVE-2012-5458 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2025-04-11 | 8.3 HIGH | N/A |
| VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application. | |||||
| CVE-2011-2600 | 1 Microsoft | 1 Windows Xp | 2025-04-11 | 7.1 HIGH | N/A |
| The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK. | |||||
| CVE-2012-3866 | 2 Puppet, Puppetlabs | 3 Puppet, Puppet Enterprise, Puppet | 2025-04-11 | 2.1 LOW | N/A |
| lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file. | |||||
| CVE-2013-1830 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
| user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. | |||||
| CVE-2010-3498 | 1 Avg | 1 Anti-virus | 2025-04-11 | 6.4 MEDIUM | N/A |
| AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. | |||||
| CVE-2010-2465 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests. | |||||
| CVE-2013-5364 | 2 Redhat, Secunia | 2 Enterprise Linux, Csi Agent | 2025-04-11 | 3.6 LOW | N/A |
| Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file. | |||||
| CVE-2013-6417 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-11 | 6.4 MEDIUM | N/A |
| actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155. | |||||
| CVE-2011-5270 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.0 MEDIUM | N/A |
| wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. | |||||
| CVE-2012-3729 | 1 Apple | 1 Iphone Os | 2025-04-11 | 1.9 LOW | N/A |
| The Berkeley Packet Filter (BPF) interpreter implementation in the kernel in Apple iOS before 6 accesses uninitialized memory locations, which allows local users to obtain sensitive information about the layout of kernel memory via a crafted program that uses a BPF interface. | |||||
| CVE-2010-2442 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets." | |||||
| CVE-2013-6426 | 1 Openstack | 1 Heat | 2025-04-11 | 4.0 MEDIUM | N/A |
| The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) update a stack via the UpdateStack method. | |||||
| CVE-2012-1599 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 5.0 MEDIUM | N/A |
| Joomla! 1.5.x before 1.5.26 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end information" via unknown vectors. NOTE: this might be a duplicate of CVE-2012-1611. | |||||
| CVE-2013-1897 | 1 Fedoraproject | 1 389 Directory Server | 2025-04-11 | 2.6 LOW | N/A |
| The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search. | |||||
| CVE-2012-1420 | 11 Authentium, Cat, Eset and 8 more | 11 Command Antivirus, Quick Heal, Nod32 Antivirus and 8 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2010-2455 | 1 Opera | 1 Opera Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
| Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document's content, which might allow remote attackers to conduct spoofing attacks via a crafted HTML document, a related issue to CVE-2010-1206. | |||||
| CVE-2013-0979 | 1 Apple | 1 Iphone Os | 2025-04-11 | 1.9 LOW | N/A |
| lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | |||||
| CVE-2011-3140 | 1 Ibm | 3 G400 Ips-g400-ib-1 Appliance, Gx4004 Ips-gx4004-ib-2 Appliance, Web Application Firewall | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server. | |||||
| CVE-2013-5188 | 1 Apple | 1 Mac Os X | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state. | |||||