Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2300 | 1 Pm9 | 1 Flickwnn | 2025-04-11 | 5.0 MEDIUM | N/A |
| The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||||
| CVE-2011-1946 | 1 Hongli Lai | 1 Libgnomesu | 2025-04-11 | 7.2 HIGH | N/A |
| gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of these accounts. | |||||
| CVE-2010-2860 | 1 Emc | 1 Celerra Network Attached Storage | 2025-04-11 | 9.3 HIGH | N/A |
| The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests. | |||||
| CVE-2010-0215 | 1 Activecollab | 1 Activecollab | 2025-04-11 | 6.0 MEDIUM | N/A |
| ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL. | |||||
| CVE-2012-2355 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | |||||
| CVE-2012-5417 | 1 Cisco | 1 Prime Data Center Network Manager | 2025-04-11 | 10.0 HIGH | N/A |
| Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands via JBoss Application Server Remote Method Invocation (RMI) services, aka Bug ID CSCtz44924. | |||||
| CVE-2011-4295 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
| The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment. | |||||
| CVE-2011-3436 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.5 MEDIUM | N/A |
| Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a user to provide the current password before changing this password, which allows remote attackers to bypass intended password-change restrictions by leveraging an unattended workstation. | |||||
| CVE-2012-0733 | 1 Ibm | 1 Rational Appscan | 2025-04-11 | 6.0 MEDIUM | N/A |
| IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account. | |||||
| CVE-2013-4152 | 2 Springsource, Vmware | 2 Spring Framework, Spring Framework | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue. | |||||
| CVE-2012-2111 | 1 Samba | 1 Samba | 2025-04-11 | 6.5 MEDIUM | N/A |
| The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) RemoveAccountRights LSA RPC procedures in smbd in Samba 3.4.x before 3.4.17, 3.5.x before 3.5.15, and 3.6.x before 3.6.5 do not properly restrict modifications to the privileges database, which allows remote authenticated users to obtain the "take ownership" privilege via an LSA connection. | |||||
| CVE-2013-3438 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-11 | 5.0 MEDIUM | N/A |
| The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385. | |||||
| CVE-2011-4863 | 2 Google, Tencent | 2 Android, Qqpimsecure | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application. | |||||
| CVE-2011-2165 | 1 Watchguard | 1 Xcs | 2025-04-11 | 6.8 MEDIUM | N/A |
| The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | |||||
| CVE-2013-3107 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | 4.3 MEDIUM | N/A |
| VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. | |||||
| CVE-2011-1709 | 1 Gnome | 2 Gdm, Glib | 2025-04-11 | 7.2 HIGH | N/A |
| GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. | |||||
| CVE-2012-2073 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Bundle Copy | 2025-04-11 | 6.0 MEDIUM | N/A |
| The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2011-1898 | 1 Citrix | 1 Xen | 2025-04-11 | 7.4 HIGH | N/A |
| Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers." | |||||
| CVE-2012-4471 | 2 Dominique Clause, Drupal | 2 Search Autocomplete, Drupal | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does not properly restrict access to the module admin page, which allows remote attackers to disable an autocompletion or change the priority order via unspecified vectors. | |||||
| CVE-2012-2356 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | |||||