Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3388 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
| The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record. | |||||
| CVE-2013-5171 | 1 Apple | 1 Mac Os X | 2024-02-28 | 3.3 LOW | N/A |
| CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. | |||||
| CVE-2012-1452 | 3 Cat, Emsisoft, Ikarus | 3 Quick Heal, Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner | 2024-02-28 | 4.3 MEDIUM | N/A |
| The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a CAB file with a modified reserved1 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2013-1695 | 1 Mozilla | 1 Firefox | 2024-02-28 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 22.0 does not properly implement certain DocShell inheritance behavior for the sandbox attribute of an IFRAME element, which allows remote attackers to bypass intended access restrictions via a FRAME element within an IFRAME element. | |||||
| CVE-2013-5455 | 1 Ibm | 1 Smartcloud Provisioning | 2024-02-28 | 4.9 MEDIUM | N/A |
| IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command. | |||||
| CVE-2012-1419 | 2 Cat, Clamav | 2 Quick Heal, Clamav | 2024-02-28 | 4.3 MEDIUM | N/A |
| The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2012-2696 | 1 Redhat | 1 Enterprise Virtualization Manager | 2024-02-28 | 2.7 LOW | N/A |
| The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request. | |||||
| CVE-2012-5966 | 1 Dlink | 1 Dsl-2730u | 2024-02-28 | 4.0 MEDIUM | N/A |
| The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command. | |||||
| CVE-2012-0299 | 1 Symantec | 1 Web Gateway | 2024-02-28 | 10.0 HIGH | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. | |||||
| CVE-2013-5556 | 1 Cisco | 1 Nexus 1000v | 2024-02-28 | 6.8 MEDIUM | N/A |
| The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340. | |||||
| CVE-2012-1456 | 18 Aladdin, Avg, Cat and 15 more | 20 Esafe, Avg Anti-virus, Quick Heal and 17 more | 2024-02-28 | 4.3 MEDIUM | N/A |
| The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat QuickHeal) 11.00, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a TAR file with an appended ZIP file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2013-6818 | 1 Sap | 1 Netweaver Logviewer | 2024-02-28 | 6.4 MEDIUM | N/A |
| SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2012-1649 | 2 Danielb, Drupal | 2 Cool Aid, Drupal | 2024-02-28 | 4.9 MEDIUM | N/A |
| Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors. | |||||
| CVE-2013-5710 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 3.7 LOW | N/A |
| The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance. | |||||
| CVE-2012-1441 | 2 Aladdin, Prevx | 2 Esafe, Prevx | 2024-02-28 | 4.3 MEDIUM | N/A |
| The Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0 allows remote attackers to bypass malware detection via an EXE file with a modified value in any of several e_ fields. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. | |||||
| CVE-2013-2776 | 2 Apple, Todd Miller | 2 Mac Os X, Sudo | 2024-02-28 | 4.4 MEDIUM | N/A |
| sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. | |||||
| CVE-2012-4430 | 2 Bacula, Debian | 2 Bacula, Debian Linux | 2024-02-28 | 4.0 MEDIUM | N/A |
| The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 does not properly enforce ACL rules, which allows remote authenticated users to obtain resource dump information via unspecified vectors. | |||||
| CVE-2012-2367 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
| Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. | |||||
| CVE-2011-4316 | 1 Redhat | 1 Enterprise Virtualization Manager | 2024-02-28 | 3.7 LOW | N/A |
| Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors. | |||||
| CVE-2012-2702 | 2 Drupal, Tony Freixas | 2 Drupal, Ubercart Product Keys | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid. | |||||