Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4289 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
| Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page. | |||||
| CVE-2013-5420 | 1 Ibm | 1 Security Access Manager For Enterprise Single Sign-on | 2024-02-28 | 3.5 LOW | N/A |
| The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request. | |||||
| CVE-2013-5149 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | N/A |
| The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | |||||
| CVE-2012-5179 | 1 Boatmob | 2 Boat Browser, Boat Browser Mini | 2024-02-28 | 2.1 LOW | N/A |
| The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2012-4816 | 1 Ibm | 1 Rational Automation Framework | 2024-02-28 | 7.5 HIGH | N/A |
| IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080. | |||||
| CVE-2010-5291 | 1 Amberdms | 1 Amberdms Billing System | 2024-02-28 | 6.4 MEDIUM | N/A |
| Amberdms Billing System (ABS) before 1.4.1 does not properly implement blacklisting after detection of invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||||
| CVE-2012-2957 | 1 Symantec | 1 Web Gateway | 2024-02-28 | 7.2 HIGH | N/A |
| The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows local users to gain privileges by modifying files, related to a "file inclusion" issue. | |||||
| CVE-2013-1048 | 1 Debian | 1 Apache2 | 2024-02-28 | 4.6 MEDIUM | N/A |
| The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack. | |||||
| CVE-2012-2439 | 1 Netgear | 1 Prosafe Fvs318n | 2024-02-28 | 7.5 HIGH | N/A |
| The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2013-0248 | 1 Apache | 1 Commons Fileupload | 2024-02-28 | 3.3 LOW | N/A |
| The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. | |||||
| CVE-2013-6617 | 1 Saltstack | 1 Salt | 2024-02-28 | 10.0 HIGH | N/A |
| The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges. | |||||
| CVE-2012-4903 | 1 Google | 2 Android, Chrome | 2024-02-28 | 5.0 MEDIUM | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. | |||||
| CVE-2013-3276 | 1 Emc | 1 Rsa Archer Egrc | 2024-02-28 | 6.0 MEDIUM | N/A |
| EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to bypass intended access restrictions and complete a login by leveraging a deactivated account. | |||||
| CVE-2011-1585 | 2 Linux, Suse | 2 Linux Kernel, Suse Linux Enterprise Server | 2024-02-28 | 3.3 LOW | N/A |
| The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel before 2.6.36 does not properly determine the associations between users and sessions, which allows local users to bypass CIFS share authentication by leveraging a mount of a share by a different user. | |||||
| CVE-2012-5471 | 1 Moodle | 1 Moodle | 2024-02-28 | 6.5 MEDIUM | N/A |
| The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout. | |||||
| CVE-2012-6118 | 1 Redhat | 1 Aeolus Conductor | 2024-02-28 | 5.5 MEDIUM | N/A |
| The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting. | |||||
| CVE-2012-2153 | 1 Drupal | 1 Drupal | 2024-02-28 | 4.0 MEDIUM | N/A |
| Drupal 7.x before 7.14 does not properly restrict access to nodes in a list when using a "contributed node access module," which allows remote authenticated users with the "Access the content overview page" permission to read all published nodes by accessing the admin/content page. | |||||
| CVE-2012-1895 | 1 Microsoft | 6 .net Framework, Windows 7, Windows Server 2003 and 3 more | 2024-02-28 | 9.3 HIGH | N/A |
| The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability." | |||||
| CVE-2013-0921 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | N/A |
| The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site. | |||||
| CVE-2013-4777 | 2 Google, Motorola | 2 Android, Defy Xt | 2024-02-28 | 6.9 MEDIUM | N/A |
| A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. | |||||