Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4328 | 1 Gnu | 1 Gnash | 2024-02-28 | 5.0 MEDIUM | N/A |
| plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information. | |||||
| CVE-2013-2242 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
| mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server. | |||||
| CVE-2013-2997 | 1 Ibm | 1 Security Appscan | 2024-02-28 | 1.7 LOW | N/A |
| IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | |||||
| CVE-2013-3005 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 8.5 HIGH | N/A |
| The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors. | |||||
| CVE-2011-4347 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.0 MEDIUM | N/A |
| The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation. | |||||
| CVE-2013-1635 | 1 Php | 1 Php | 2024-02-28 | 7.5 HIGH | N/A |
| ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. | |||||
| CVE-2012-4572 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform | 2024-02-28 | 3.7 LOW | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application. | |||||
| CVE-2011-0523 | 1 Iain | 1 Gypsy | 2024-02-28 | 1.9 LOW | N/A |
| gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors. | |||||
| CVE-2012-0427 | 1 Opensuse | 1 Opensuse | 2024-02-28 | 7.2 HIGH | N/A |
| yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name. | |||||
| CVE-2013-1031 | 1 Apple | 1 Mac Os X | 2024-02-28 | 3.3 LOW | N/A |
| Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. | |||||
| CVE-2013-4497 | 1 Openstack | 3 Folsom, Grizzly, Havana | 2024-02-28 | 6.4 MEDIUM | N/A |
| The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2013-1195 | 1 Cisco | 2 Adaptive Security Appliance Software, Firewall Services Module | 2024-02-28 | 5.0 MEDIUM | N/A |
| The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850. | |||||
| CVE-2013-2207 | 2 Fedoraproject, Gnu | 2 Fedora, Glibc | 2024-02-28 | 2.6 LOW | N/A |
| pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. | |||||
| CVE-2013-2122 | 2 Drupal, Quade | 2 Drupal, Edit Limit | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors. | |||||
| CVE-2013-6373 | 1 Jenkins-ci | 1 Exclusion | 2024-02-28 | 5.5 MEDIUM | N/A |
| The Exclusion plugin before 0.9 for Jenkins does not properly prevent access to resource locks, which allows remote authenticated users to list and release resources via unspecified vectors. | |||||
| CVE-2013-2065 | 2 Opensuse, Ruby-lang | 2 Opensuse, Ruby | 2024-02-28 | 6.4 MEDIUM | N/A |
| (1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 before 2.0.0 patchlevel 195, do not perform taint checking for native functions, which allows context-dependent attackers to bypass intended $SAFE level restrictions. | |||||
| CVE-2012-1439 | 4 Aladdin, Fortinet, Pandasecurity and 1 more | 4 Esafe, Fortinet Antivirus, Panda Antivirus and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
| The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified padding field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
| CVE-2012-1154 | 1 Redhat | 2 Jboss Enterprise Application Platform, Mod Cluster | 2024-02-28 | 4.3 MEDIUM | N/A |
| mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, which allows remote attackers to bypass access restrictions and gain access to applications deployed on the root context via unspecified vectors. | |||||
| CVE-2012-2289 | 1 Emc | 2 Applicationxtender Desktop, Applicationxtender Web Access .net | 2024-02-28 | 7.5 HIGH | N/A |
| EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender Web Access .NET before 6.5 SP2 allow remote attackers to upload files to any location, and possibly execute arbitrary code, via unspecified vectors. | |||||
| CVE-2012-3447 | 1 Openstack | 2 Folsom, Nova | 2024-02-28 | 4.9 MEDIUM | N/A |
| virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 and Folsom before Folsom-3 allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image that uses a symlink that is only readable by root. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3361. | |||||