Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4402 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.9 MEDIUM | N/A |
webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service. | |||||
CVE-2012-1623 | 2 Aidanlister, Drupal | 2 Regcode, Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions. | |||||
CVE-2012-3484 | 1 Google | 1 Tunnelblick | 2024-02-28 | 7.2 HIGH | N/A |
Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share. | |||||
CVE-2013-2373 | 1 Tibco | 1 Spotfire Web Player | 2024-02-28 | 6.4 MEDIUM | N/A |
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||||
CVE-2013-1067 | 1 Canonical | 1 Ubuntu Linux | 2024-02-28 | 4.9 MEDIUM | N/A |
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file. | |||||
CVE-2012-3488 | 1 Postgresql | 1 Postgresql | 2024-02-28 | 4.9 MEDIUM | N/A |
The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, 8.4 before 8.4.13, 9.0 before 9.0.9, and 9.1 before 9.1.5 does not properly restrict access to files and URLs, which allows remote authenticated users to modify data, obtain sensitive information, or trigger outbound traffic to arbitrary external hosts by leveraging (1) stylesheet commands that are permitted by the libxslt security options or (2) an xslt_process feature, related to an XML External Entity (aka XXE) issue. | |||||
CVE-2013-3186 | 1 Microsoft | 4 Internet Explorer, Windows 7, Windows Server 2008 and 1 more | 2024-02-28 | 7.6 HIGH | N/A |
The Protected Mode feature in Microsoft Internet Explorer 7 through 10 on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly implement the Integrity Access Level (aka IL) protection mechanism, which allows remote attackers to obtain medium-integrity privileges by leveraging access to a low-integrity process, aka "Process Integrity Level Assignment Vulnerability." | |||||
CVE-2013-4294 | 1 Openstack | 1 Keystone | 2024-02-28 | 5.0 MEDIUM | N/A |
The (1) mamcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allow remote attackers to bypass intended access restrictions via a revoked PKI token. | |||||
CVE-2013-2113 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2024-02-28 | 6.0 MEDIUM | N/A |
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role. | |||||
CVE-2013-3503 | 1 Gwos | 1 Groundwork Monitor | 2024-02-28 | 3.5 LOW | N/A |
The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
CVE-2012-1930 | 2 Opera, Unix | 2 Opera Browser, Unix | 2024-02-28 | 4.6 MEDIUM | N/A |
Opera before 11.62 on UNIX uses world-readable permissions for temporary files during printing, which allows local users to obtain sensitive information by reading these files. | |||||
CVE-2012-2170 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 4.3 MEDIUM | N/A |
The Application Snoop Servlet in IBM WebSphere Application Server 7.0 before 7.0.0.23 does not properly restrict access, which allows remote attackers to obtain sensitive client and request information via a direct request. | |||||
CVE-2011-4584 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site. | |||||
CVE-2012-1423 | 11 Authentium, Emsisoft, Eset and 8 more | 11 Command Antivirus, Anti-malware, Nod32 Antivirus and 8 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
CVE-2012-3736 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.6 MEDIUM | N/A |
The Passcode Lock implementation in Apple iOS before 6 allows physically proximate attackers to bypass an intended passcode requirement via vectors related to ending a FaceTime call. | |||||
CVE-2013-0172 | 1 Samba | 1 Samba | 2024-02-28 | 3.5 LOW | N/A |
Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute. | |||||
CVE-2013-1064 | 1 Canonical | 2 Apt-xapian-index, Ubuntu Linux | 2024-02-28 | 4.6 MEDIUM | N/A |
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | |||||
CVE-2013-1662 | 1 Vmware | 2 Player, Workstation | 2024-02-28 | 6.9 MEDIUM | N/A |
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. | |||||
CVE-2012-1012 | 1 Mit | 1 Kerberos 5 | 2024-02-28 | 5.5 MEDIUM | N/A |
server/server_stubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SET_STRING and (2) GET_STRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global list privilege. | |||||
CVE-2013-1672 | 2 Microsoft, Mozilla | 5 Windows, Firefox, Firefox Esr and 2 more | 2024-02-28 | 6.9 MEDIUM | N/A |
The Mozilla Maintenance Service in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 on Windows allows local users to bypass integrity verification and gain privileges via vectors involving junctions. |