Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-1450 | 3 Emsisoft, Ikarus, Sophos | 3 Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner, Sophos Anti-virus | 2024-02-28 | 4.3 MEDIUM | N/A |
The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Virus 4.61.0, and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved3 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
CVE-2013-1920 | 1 Xen | 1 Xen | 2024-02-28 | 4.4 MEDIUM | N/A |
Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. | |||||
CVE-2012-1590 | 1 Drupal | 1 Drupal | 2024-02-28 | 4.0 MEDIUM | N/A |
The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page. | |||||
CVE-2013-5548 | 1 Cisco | 1 Ios | 2024-02-28 | 4.3 MEDIUM | N/A |
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. | |||||
CVE-2013-0315 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2024-02-28 | 5.0 MEDIUM | N/A |
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack. | |||||
CVE-2013-1652 | 3 Canonical, Puppet, Puppetlabs | 4 Ubuntu Linux, Puppet, Puppet Enterprise and 1 more | 2024-02-28 | 4.9 MEDIUM | N/A |
Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2 allows remote authenticated users with a valid certificate and private key to read arbitrary catalogs or poison the master's cache via unspecified vectors. | |||||
CVE-2013-3496 | 1 Infotecs | 4 Vipnet Client, Vipnet Coordinator, Vipnet Personal Firewall and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file. | |||||
CVE-2012-2101 | 1 Openstack | 1 Nova | 2024-02-28 | 3.5 LOW | N/A |
Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. | |||||
CVE-2012-4495 | 2 Drupal, Mime Mail Module Project | 2 Drupal, Mimemail | 2024-02-28 | 4.0 MEDIUM | N/A |
The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments. | |||||
CVE-2013-4445 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2024-02-28 | 4.9 MEDIUM | N/A |
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access. | |||||
CVE-2013-0914 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 3.6 LOW | N/A |
The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. | |||||
CVE-2012-6106 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.5 MEDIUM | N/A |
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object. | |||||
CVE-2013-4182 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2024-02-28 | 7.5 HIGH | N/A |
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request. | |||||
CVE-2013-4356 | 1 Xen | 1 Xen | 2024-02-28 | 5.4 MEDIUM | N/A |
Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash). | |||||
CVE-2013-0208 | 2 Canonical, Openstack | 3 Ubuntu Linux, Essex, Folsom | 2024-02-28 | 6.5 MEDIUM | N/A |
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter. | |||||
CVE-2012-1427 | 3 Cat, Norman, Sophos | 3 Quick Heal, Norman Antivirus \& Antispyware, Sophos Anti-virus | 2024-02-28 | 4.3 MEDIUM | N/A |
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
CVE-2013-0924 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors. | |||||
CVE-2012-2179 | 1 Ibm | 1 Aix | 2024-02-28 | 6.9 MEDIUM | N/A |
libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
CVE-2013-1922 | 1 Xen | 1 Xen | 2024-02-28 | 3.3 LOW | N/A |
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004. | |||||
CVE-2012-1966 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 4.3 MEDIUM | N/A |
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. |