Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4302 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | 5.0 MEDIUM | N/A |
| (1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the cross-site request forgery (CSRF) protection mechanism via a JSONP request to wiki/api.php. | |||||
| CVE-2010-4215 | 1 Foswiki | 1 Foswiki | 2025-04-11 | 6.5 MEDIUM | N/A |
| UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup. | |||||
| CVE-2012-3504 | 1 Fedoraproject | 1 Crypto-utils | 2025-04-11 | 3.6 LOW | N/A |
| The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 allows local users to overwrite arbitrary files via a symlink attack on the "list" file in the current working directory. | |||||
| CVE-2011-2157 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 5.0 MEDIUM | N/A |
| The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields. | |||||
| CVE-2010-0007 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
| net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. | |||||
| CVE-2003-1594 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session. | |||||
| CVE-2011-2739 | 1 Emc | 1 Documentum Eroom | 2025-04-11 | 8.5 HIGH | N/A |
| The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x before 7.4.3.g does not properly restrict the uploading and opening of files with dangerous file types, which allows remote authenticated users to execute arbitrary code via an uploaded file. | |||||
| CVE-2013-5701 | 1 Watchguard | 1 Server Center | 2025-04-11 | 7.2 HIGH | N/A |
| Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and possibly earlier allow local users to gain privileges via a Trojan horse wgpr.dll file in the application's bin directory. | |||||
| CVE-2013-5522 | 1 Cisco | 2 Catalyst 3750-x, Ios | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. | |||||
| CVE-2012-6432 | 1 Sensiolabs | 1 Symfony | 2025-04-11 | 6.8 MEDIUM | N/A |
| Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /_internal substring. | |||||
| CVE-2013-1033 | 1 Apple | 1 Mac Os X | 2025-04-11 | 5.5 MEDIUM | N/A |
| Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. | |||||
| CVE-2010-0512 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 9.3 HIGH | N/A |
| The Accounts Preferences implementation in Apple Mac OS X 10.6 before 10.6.3, when a network account server is used, does not support Login Window access control that is based solely on group membership, which allows attackers to bypass intended access restrictions by entering login credentials. | |||||
| CVE-2010-3707 | 1 Dovecot | 1 Dovecot | 2025-04-11 | 5.5 MEDIUM | N/A |
| plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox. | |||||
| CVE-2012-2123 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 7.2 HIGH | N/A |
| The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR. | |||||
| CVE-2010-2973 | 1 Apple | 3 Ipad, Iphone Os, Ipod Touch | 2025-04-11 | 6.9 MEDIUM | N/A |
| Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone and iPod touch, and before 3.2.2 on the iPad, allows local users to gain privileges via vectors involving IOSurface properties, as demonstrated by JailbreakMe. | |||||
| CVE-2013-4661 | 1 Civicrm | 1 Civicrm | 2025-04-11 | 4.9 MEDIUM | N/A |
| CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intended access restrictions, as demonstrated by accessing custom contribution data without having the "access CiviContribute" permission. | |||||
| CVE-2012-4522 | 1 Ruby-lang | 1 Ruby | 2025-04-11 | 5.0 MEDIUM | N/A |
| The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. | |||||
| CVE-2014-1213 | 1 Sophos | 2 Scanning Engine, Sophos Anti-virus | 2025-04-11 | 5.6 MEDIUM | N/A |
| Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, which allows local users to bypass anti-virus protection, cause a denial of service (resource consumption, CPU consumption, and eventual crash) or spoof "ready for update" messages by performing certain operations on mutexes or events including (1) DataUpdateRequest, (2) MmfMutexSAV-****, (3) MmfMutexSAV-Info, (4) ReadyForUpdateSAV-****, (5) ReadyForUpdateSAV-Info, (6) SAV-****, (7) SAV-Info, (8) StateChange, (9) SuspendedSAV-****, (10) SuspendedSAV-Info, (11) UpdateComplete, (12) UpdateMutex, (13) UpdateRequest, or (14) SophosALMonSessionInstance, as demonstrated by triggering a ReadyForUpdateSAV event and modifying the UpdateComplete, UpdateMutex, and UpdateRequest objects. | |||||
| CVE-2011-0330 | 1 Dell | 1 Dellsystemlite.scanner Activex Control | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that triggers disclosure of information about installed software. | |||||
| CVE-2013-0261 | 1 Openstack | 2 Essex, Folsom | 2025-04-11 | 4.4 MEDIUM | N/A |
| (1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. | |||||