Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-5093 | 1 Bestpractical | 1 Rt | 2024-02-28 | 6.5 MEDIUM | N/A |
Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092. | |||||
CVE-2013-2930 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 3.6 LOW | N/A |
The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. | |||||
CVE-2013-2082 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.0 MEDIUM | N/A |
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request. | |||||
CVE-2012-0174 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2024-02-28 | 1.7 LOW | N/A |
Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability." | |||||
CVE-2012-2722 | 2 Drupal, Scott Reynen | 2 Drupal, Node Embed | 2024-02-28 | 4.3 MEDIUM | N/A |
The node selection interface in the WYSIWYG editor (CKEditor) in the Node Embed module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.0 for Drupal does not properly check permissions, which allows remote attackers to bypass intended access restrictions and read node titles. | |||||
CVE-2013-0013 | 1 Microsoft | 6 Windows 7, Windows 8, Windows Rt and 3 more | 2024-02-28 | 5.8 MEDIUM | N/A |
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability." | |||||
CVE-2012-4477 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to bypass access restrictions via unknown attack vectors. | |||||
CVE-2013-0510 | 1 Ibm | 1 Security Appscan | 2024-02-28 | 4.3 MEDIUM | N/A |
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies. | |||||
CVE-2013-0687 | 1 Schneider-electric | 1 Micom S1 Studio | 2024-02-28 | 6.6 MEDIUM | N/A |
The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. | |||||
CVE-2013-6246 | 1 Dell | 1 Quest One Password Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters. | |||||
CVE-2013-5154 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | N/A |
The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | |||||
CVE-2012-6098 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. | |||||
CVE-2013-3057 | 1 Joomla | 1 Joomla\! | 2024-02-28 | 4.0 MEDIUM | N/A |
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors. | |||||
CVE-2012-4985 | 1 Forescout | 1 Counteract | 2024-02-28 | 4.3 MEDIUM | N/A |
The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ICMP traffic from unrecognized clients, which allows remote attackers to conduct ARP poisoning attacks via crafted packets. | |||||
CVE-2013-2796 | 1 Schneider-electric | 3 Citectscada, Powerlogic Scada, Vijeo Citect | 2024-02-28 | 6.9 MEDIUM | N/A |
Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2013-2934 | 1 Citrix | 1 Cloudportal Services Manager | 2024-02-28 | 10.0 HIGH | N/A |
Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 does not properly restrict access to web services, which has unspecified impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. | |||||
CVE-2012-0706 | 1 Ibm | 1 Scale Out Network Attached Storage | 2024-02-28 | 3.5 LOW | N/A |
IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine. | |||||
CVE-2013-4604 | 1 Fortinet | 1 Fortios | 2024-02-28 | 6.5 MEDIUM | N/A |
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role. | |||||
CVE-2013-1225 | 1 Cisco | 1 Unified Customer Voice Portal | 2024-02-28 | 7.8 HIGH | N/A |
Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366. | |||||
CVE-2014-0031 | 1 Apache | 1 Cloudstack | 2024-02-28 | 4.0 MEDIUM | N/A |
The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. |