Total: 5222 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4293 | 1 Moodle | 1 Moodle | 2024-02-28 | 6.4 MEDIUM | N/A |
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors. | |||||
CVE-2012-3486 | 1 Google | 1 Tunnelblick | 2024-02-28 | 6.9 MEDIUM | N/A |
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event. | |||||
CVE-2012-6426 | 1 Lemonldap-ng | 1 Lemonldap\ | 2024-02-28 | 7.5 HIGH | N/A |
LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data. | |||||
CVE-2012-6462 | 1 Opera | 1 Opera Browser | 2024-02-28 | 5.0 MEDIUM | N/A |
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request. | |||||
CVE-2010-5065 | 1 Vwar | 1 Virtual War | 2024-02-28 | 5.0 MEDIUM | N/A |
popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to bypass intended member restrictions and read news posts via a modified newsid parameter in a printnews action. | |||||
CVE-2013-7042 | 1 Novell | 1 Suse Lifecycle Management Server | 2024-02-28 | 4.6 MEDIUM | N/A |
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2012-3311 | 1 Ibm | 2 Websphere Application Server, Z/os | 2024-02-28 | 3.3 LOW | N/A |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 on z/OS, in certain configurations involving Federated Repositories for IIOP connections and Optimized Local Adapters, does not perform CBIND checks, which allows local users to bypass intended access restrictions, and read or modify application data, via unspecified vectors. | |||||
CVE-2012-0264 | 1 Op5 | 1 Monitor | 2024-02-28 | 10.0 HIGH | N/A |
op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors. | |||||
CVE-2012-1241 | 1 Artonx.org | 1 Activescriptruby | 2024-02-28 | 7.5 HIGH | N/A |
GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document. | |||||
CVE-2012-2123 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR. | |||||
CVE-2012-5951 | 1 Ibm | 2 Tivoli Netview, Z/os | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level. | |||||
CVE-2013-6965 | 1 Cisco | 1 Webex Training Center | 2024-02-28 | 5.0 MEDIUM | N/A |
The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183. | |||||
CVE-2013-5161 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.4 MEDIUM | N/A |
Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. | |||||
CVE-2012-1643 | 2 Drupal, Jason Savino | 2 Drupal, Fp | 2024-02-28 | 5.0 MEDIUM | N/A |
The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does not check the "administer permissions" permission, which allows remote attackers to modify access permissions via unspecified vectors. | |||||
CVE-2012-3397 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users. | |||||
CVE-2012-1313 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 6.5 MEDIUM | N/A |
The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772. | |||||
CVE-2013-6404 | 1 Quassel-irc | 1 Quassel Irc | 2024-02-28 | 4.0 MEDIUM | N/A |
Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/. | |||||
CVE-2012-0129 | 1 Hp | 1 Onboard Administrator | 2024-02-28 | 7.6 HIGH | N/A |
HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | |||||
CVE-2013-4300 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing. | |||||
CVE-2013-1650 | 1 Open-xchange | 1 Open-xchange Server | 2024-02-28 | 2.1 LOW | N/A |
Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses weak permissions (group "other" readable) under opt/open-xchange/etc/, which allows local users to obtain sensitive information via standard filesystem operations. |