Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2247 | 2 Drupal, Fast Permissions Administration Project | 2 Drupal, Fast Permission Administration | 2024-02-28 | 7.5 HIGH | N/A |
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. | |||||
CVE-2013-5522 | 1 Cisco | 2 Catalyst 3750-x, Ios | 2024-02-28 | 6.8 MEDIUM | N/A |
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. | |||||
CVE-2010-5190 | 1 Bluecoat | 16 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 13 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities. | |||||
CVE-2013-6316 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 4.3 MEDIUM | N/A |
IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers to obtain sensitive property information in opportunistic circumstances by leveraging an error in a Web Content Manager (WCM) context processor. | |||||
CVE-2013-4325 | 1 Hp | 1 Linux Imaging And Printing Project | 2024-02-28 | 6.9 MEDIUM | N/A |
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process. | |||||
CVE-2010-5094 | 1 Silverstripe | 1 Silverstripe | 2024-02-28 | 5.0 MEDIUM | N/A |
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing." | |||||
CVE-2013-2640 | 2 Mailup, Wordpress | 2 Wp-mailup, Wordpress | 2024-02-28 | 5.0 MEDIUM | N/A |
ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731. | |||||
CVE-2012-4833 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 2.1 LOW | N/A |
fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. | |||||
CVE-2013-1215 | 1 Cisco | 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 | 2024-02-28 | 6.8 MEDIUM | N/A |
The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. | |||||
CVE-2012-1826 | 1 Dotcms | 1 Dotcms | 2024-02-28 | 6.0 MEDIUM | N/A |
dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. | |||||
CVE-2013-6375 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2024-02-28 | 7.9 HIGH | N/A |
Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter." | |||||
CVE-2013-0501 | 1 Ibm | 1 Cognos Disclosure Management | 2024-02-28 | 9.3 HIGH | N/A |
The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site. | |||||
CVE-2012-1515 | 1 Vmware | 2 Esx, Esxi | 2024-02-28 | 8.3 HIGH | N/A |
VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine. | |||||
CVE-2012-3742 | 1 Apple | 1 Iphone Os | 2024-02-28 | 5.0 MEDIUM | N/A |
Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of a web page. | |||||
CVE-2011-2486 | 1 Nspluginwrapper | 1 Nspluginwrapper | 2024-02-28 | 5.0 MEDIUM | N/A |
nspluginwrapper before 1.4.4 does not properly provide access to NPNVprivateModeBool variable settings, which could prevent Firefox plugins from determining if they should run in Private Browsing mode and allow remote attackers to bypass intended access restrictions, as demonstrated using Flash. | |||||
CVE-2012-1968 | 1 Mozilla | 1 Bugzilla | 2024-02-28 | 4.3 MEDIUM | N/A |
Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message. | |||||
CVE-2012-1437 | 1 Comodo | 1 Comodo Antivirus | 2024-02-28 | 4.3 MEDIUM | N/A |
The Microsoft Office file parser in Comodo Antivirus 7425 allows remote attackers to bypass malware detection via an Office file with a \50\4B\53\70\58 character sequence at a certain location. | |||||
CVE-2013-4559 | 3 Debian, Lighttpd, Opensuse | 3 Debian Linux, Lighttpd, Opensuse | 2024-02-28 | 7.6 HIGH | N/A |
lighttpd before 1.4.33 does not check the return value of the (1) setuid, (2) setgid, or (3) setgroups functions, which might cause lighttpd to run as root if it is restarted and allows remote attackers to gain privileges, as demonstrated by multiple calls to the clone function that cause setuid to fail when the user process limit is reached. | |||||
CVE-2013-2263 | 1 Citrix | 1 Access Gateway | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Citrix Access Gateway Standard Edition 5.0.x before 5.0.4.223524 allows remote attackers to access network resources via unknown attack vectors. | |||||
CVE-2012-5458 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2024-02-28 | 8.3 HIGH | N/A |
VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 on Windows use weak permissions for unspecified process threads, which allows host OS users to gain host OS privileges via a crafted application. |