Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2566 | 1 Bloxx | 1 Web Filtering | 2024-02-28 | 5.0 MEDIUM | N/A |
Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted header. | |||||
CVE-2012-4522 | 1 Ruby-lang | 1 Ruby | 2024-02-28 | 5.0 MEDIUM | N/A |
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. | |||||
CVE-2013-4943 | 1 Siemens | 1 Comos | 2024-02-28 | 7.2 HIGH | N/A |
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access. | |||||
CVE-2012-2359 | 1 Moodle | 1 Moodle | 2024-02-28 | 6.5 MEDIUM | N/A |
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. | |||||
CVE-2013-2079 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role. | |||||
CVE-2011-4080 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.0 MEDIUM | N/A |
The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux kernel before 2.6.39 does not require the CAP_SYS_ADMIN capability to modify the dmesg_restrict value, which allows local users to bypass intended access restrictions and read the kernel ring buffer by leveraging root privileges, as demonstrated by a root user in a Linux Containers (aka LXC) environment. | |||||
CVE-2013-4938 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.3 MEDIUM | N/A |
The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values. | |||||
CVE-2013-0155 | 2 Debian, Rubyonrails | 3 Debian Linux, Rails, Ruby On Rails | 2024-02-28 | 6.4 MEDIUM | N/A |
Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694. | |||||
CVE-2013-5724 | 1 Debian | 1 Phpbb3 | 2024-02-28 | 2.1 LOW | N/A |
Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations. | |||||
CVE-2013-5598 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 8.3 HIGH | N/A |
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object. | |||||
CVE-2012-3537 | 1 Dell | 1 Crowbar | 2024-02-28 | 4.6 MEDIUM | N/A |
The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names. | |||||
CVE-2012-4730 | 1 Bestpractical | 1 Rt | 2024-02-28 | 3.5 LOW | N/A |
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. | |||||
CVE-2013-5463 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file. | |||||
CVE-2012-2282 | 1 Emc | 3 Celerra Network Server, Vnx, Vnxe | 2024-02-28 | 6.5 MEDIUM | N/A |
EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request. | |||||
CVE-2012-3577 | 2 Nmedia, Wordpress | 2 Member Conversation, Wordpress | 2024-02-28 | 7.5 HIGH | N/A |
Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads. | |||||
CVE-2012-2693 | 1 Redhat | 1 Libvirt | 2024-02-28 | 3.7 LOW | N/A |
libvirt, possibly before 0.9.12, does not properly assign USB devices to virtual machines when multiple devices have the same vendor and product ID, which might cause the wrong device to be associated with a guest and might allow local users to access unintended USB devices. | |||||
CVE-2013-4277 | 1 Apache | 1 Subversion | 2024-02-28 | 3.3 LOW | N/A |
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. | |||||
CVE-2013-3445 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | 5.0 MEDIUM | N/A |
The firewall subsystem in Cisco Identity Services Engine has an incorrect rule for open ports, which allows remote attackers to cause a denial of service (CPU consumption or process crash) via a flood of malformed IP packets, aka Bug ID CSCug94572. | |||||
CVE-2012-5523 | 1 Mantisbt | 1 Mantisbt | 2024-02-28 | 5.5 MEDIUM | N/A |
core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive information by adding a note to a bug before losing permission to view that bug. | |||||
CVE-2011-4287 | 1 Moodle | 1 Moodle | 2024-02-28 | 6.8 MEDIUM | N/A |
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user. |