Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-4975 | 1 Layton Technology | 1 Helpbox | 2024-02-28 | 4.0 MEDIUM | N/A |
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter. | |||||
CVE-2012-4594 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-02-28 | 4.0 MEDIUM | N/A |
McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information from arbitrary reporting panels, via a modified ID value in a console URL. | |||||
CVE-2012-4425 | 2 Freedesktop, Gtk | 2 Spice-gtk, Libgio | 2024-02-28 | 6.9 MEDIUM | N/A |
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. | |||||
CVE-2012-5146 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-02-28 | 5.0 MEDIUM | N/A |
Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL. | |||||
CVE-2013-5506 | 1 Cisco | 1 Firewall Services Module Software | 2024-02-28 | 6.6 MEDIUM | N/A |
The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or modify any context's configuration via unspecified commands, aka Bug ID CSCue46080. | |||||
CVE-2013-5188 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.0 MEDIUM | N/A |
The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically proximate attackers to obtain access by visiting an unattended workstation in the hibernating state. | |||||
CVE-2012-2292 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2024-02-28 | 7.5 HIGH | N/A |
The Silverlight cross-domain policy in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 does not restrict access to the Archer application, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
CVE-2012-4593 | 1 Mcafee | 2 Application Control, Change Control | 2024-02-28 | 5.0 MEDIUM | N/A |
McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command. | |||||
CVE-2013-1774 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-02-28 | 4.0 MEDIUM | N/A |
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. | |||||
CVE-2013-6398 | 1 Apache | 1 Cloudstack | 2024-02-28 | 2.8 LOW | N/A |
The virtual router in Apache CloudStack before 4.2.1 does not preserve the source restrictions in firewall rules after being restarted, which allows remote attackers to bypass intended restrictions via a request. | |||||
CVE-2013-3617 | 1 Openbravo | 1 Openbravo Erp | 2024-02-28 | 3.5 LOW | N/A |
The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue. | |||||
CVE-2012-3987 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | 4.0 MEDIUM | N/A |
Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | |||||
CVE-2012-4470 | 2 Drupal, Philip Ludlam | 2 Drupal, Listhandler | 2024-02-28 | 7.5 HIGH | N/A |
The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not properly check permissions when importing emails, which allows remote comment authors to bypass access restrictions and possibly have other unspecified impact. | |||||
CVE-2012-1119 | 1 Mantisbt | 1 Mantisbt | 2024-02-28 | 6.4 MEDIUM | N/A |
MantisBT before 1.2.9 does not audit when users copy or clone a bug report, which makes it easier for remote attackers to copy bug reports without detection. | |||||
CVE-2013-6823 | 1 Sap | 1 Netweaver | 2024-02-28 | 6.4 MEDIUM | N/A |
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2013-5552 | 1 Cisco | 2 Content Services Gateway, Ios | 2024-02-28 | 6.4 MEDIUM | N/A |
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143. | |||||
CVE-2013-1700 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-02-28 | 7.2 HIGH | N/A |
The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on Windows does not properly handle inability to launch the Mozilla Updater executable file, which allows local users to gain privileges via vectors involving placement of a Trojan horse executable file at an arbitrary location. | |||||
CVE-2012-1445 | 4 Aladdin, Fortinet, Pandasecurity and 1 more | 4 Esafe, Fortinet Antivirus, Panda Antivirus and 1 more | 2024-02-28 | 4.3 MEDIUM | N/A |
The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified abi field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
CVE-2012-4777 | 1 Microsoft | 9 .net Framework, Windows 7, Windows 8 and 6 more | 2024-02-28 | 9.3 HIGH | N/A |
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability." | |||||
CVE-2013-5328 | 1 Adobe | 1 Coldfusion | 2024-02-28 | 7.8 HIGH | N/A |
Adobe ColdFusion 10 before Update 12 allows remote attackers to read arbitrary files via unspecified vectors. |