Total
9116 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1114 | 3 Debian, Fedoraproject, Ldap-account-manager | 3 Debian Linux, Fedora, Ldap Account Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php. | |||||
| CVE-2012-1105 | 3 Apereo, Debian, Fedoraproject | 3 Phpcas, Debian Linux, Fedora | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. | |||||
| CVE-2012-1104 | 3 Apereo, Debian, Linux | 3 Phpcas, Debian Linux, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed. | |||||
| CVE-2012-1096 | 2 Debian, Gnome | 2 Debian Linux, Networkmanager | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. | |||||
| CVE-2012-1093 | 1 Debian | 2 Debian Linux, X11-common | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. | |||||
| CVE-2012-0844 | 2 Debian, Netsurf-browser | 2 Debian Linux, Netsurf | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Information-disclosure vulnerability in Netsurf through 2.8 due to a world-readable cookie jar. | |||||
| CVE-2012-0843 | 2 Debian, Uzbl | 2 Debian Linux, Uzbl | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| uzbl: Information disclosure via world-readable cookies storage file | |||||
| CVE-2012-0842 | 2 Debian, Suckless | 2 Debian Linux, Surf | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| surf: cookie jar has read access from other local user | |||||
| CVE-2012-0812 | 2 Debian, Postfix Admin Project | 2 Debian Linux, Postfix Admin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PostfixAdmin 2.3.4 has multiple XSS vulnerabilities | |||||
| CVE-2012-0051 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| Tahoe-LAFS 1.9.0 fails to ensure integrity which allows remote attackers to corrupt mutable files or directories upon retrieval. | |||||
| CVE-2012-0049 | 3 Debian, Fedoraproject, Openttd | 3 Debian Linux, Fedora, Openttd | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| OpenTTD before 1.1.5 contains a Denial of Service (slow read attack) that prevents users from joining the server. | |||||
| CVE-2011-4968 | 2 Debian, F5 | 2 Debian Linux, Nginx | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM) | |||||
| CVE-2011-4931 | 2 Debian, Gpw Project | 2 Debian Linux, Gpw | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| gpw generates shorter passwords than required | |||||
| CVE-2011-4915 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| fs/proc/base.c in the Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /proc/interrupts. | |||||
| CVE-2011-4900 | 2 Debian, Typo3 | 2 Debian Linux, Typo3 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| TYPO3 before 4.5.4 allows Information Disclosure in the backend. | |||||
| CVE-2011-4625 | 2 Debian, Simplesamlphp | 2 Debian Linux, Simplesamlphp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| simplesamlphp before 1.6.3 (squeeze) and before 1.8.2 (sid) incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages. | |||||
| CVE-2011-4350 | 2 Debian, Yaws | 2 Debian Linux, Yaws | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request. | |||||
| CVE-2011-4120 | 3 Debian, Linux, Yubico | 3 Debian Linux, Linux Kernel, Pam Module | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Yubico PAM Module before 2.10 performed user authentication when 'use_first_pass' PAM configuration option was not used and the module was configured as 'sufficient' in the PAM configuration. A remote attacker could use this flaw to circumvent common authentication process and obtain access to the account in question by providing a NULL value (pressing Ctrl-D keyboard sequence) as the password string. | |||||
| CVE-2011-4082 | 2 Debian, Phpldapadmin Project | 2 Debian Linux, Phpldapadmin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion flaw was found in the way the phpLDAPadmin before 0.9.8 processed certain values of the "Accept-Language" HTTP header. A remote attacker could use this flaw to cause a denial of service via specially-crafted request. | |||||
| CVE-2011-3632 | 3 Debian, Hardlink Project, Redhat | 3 Debian Linux, Hardlink, Enterprise Linux | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. | |||||