Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-7081 | 1 Typo3 | 1 Typo3 | 2024-02-28 | 4.9 MEDIUM | N/A |
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors. | |||||
CVE-2013-5383 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5382. | |||||
CVE-2012-4499 | 2 Drupal, Matthias Hutterer | 2 Drupal, Email | 2024-02-28 | 5.0 MEDIUM | N/A |
The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vectors. | |||||
CVE-2013-2834 | 1 Google | 1 Chrome Os | 2024-02-28 | 5.0 MEDIUM | N/A |
Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835. | |||||
CVE-2012-3714 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
The Form Autofill feature in Apple Safari before 6.0.1 does not restrict the filled fields to the set of fields contained in an Autofill popover, which allows remote attackers to obtain the Me card from an Address Book via a crafted web site. | |||||
CVE-2012-1810 | 1 C3-ilex | 1 Eoscada | 2024-02-28 | 5.0 MEDIUM | N/A |
EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service (daemon restart) by sending data to TCP port (1) 5050 or (2) 24004. | |||||
CVE-2013-2133 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2024-02-28 | 5.5 MEDIUM | N/A |
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. | |||||
CVE-2012-6033 | 1 Xen | 1 Xen | 2024-02-28 | 4.4 MEDIUM | N/A |
The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | |||||
CVE-2012-4090 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2024-02-28 | 4.0 MEDIUM | N/A |
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. | |||||
CVE-2012-1828 | 1 Efstechnology | 1 Autoform Pdm Archive | 2024-02-28 | 6.5 MEDIUM | N/A |
The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function. | |||||
CVE-2012-1121 | 1 Mantisbt | 1 Mantisbt | 2024-02-28 | 4.9 MEDIUM | N/A |
MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories. | |||||
CVE-2012-4413 | 1 Openstack | 1 Keystone | 2024-02-28 | 4.0 MEDIUM | N/A |
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. | |||||
CVE-2012-5187 | 1 Weathernews | 1 Weathernews Touch | 2024-02-28 | 4.3 MEDIUM | N/A |
The Weathernews Touch application 2.3.2 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | |||||
CVE-2012-4063 | 1 Eucalyptus | 1 Eucalyptus | 2024-02-28 | 5.0 MEDIUM | N/A |
The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2013-5189 | 1 Apple | 1 Mac Os X | 2024-02-28 | 5.8 MEDIUM | N/A |
Apple Mac OS X before 10.9 does not preserve a certain administrative system-preferences setting across software updates, which allows context-dependent attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended security configuration after the completion of an update. | |||||
CVE-2012-1906 | 2 Puppet, Puppetlabs | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2024-02-28 | 3.3 LOW | N/A |
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp. | |||||
CVE-2010-5089 | 1 Silverstripe | 1 Silverstripe | 2024-02-28 | 4.3 MEDIUM | N/A |
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information. | |||||
CVE-2012-4734 | 1 Bestpractical | 1 Rt | 2024-02-28 | 5.0 MEDIUM | N/A |
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link. | |||||
CVE-2012-2692 | 1 Mantisbt | 1 Mantisbt | 2024-02-28 | 3.6 LOW | N/A |
MantisBT before 1.2.11 does not check the delete_attachments_threshold permission when form_security_validation is set to OFF, which allows remote authenticated users with certain privileges to bypass intended access restrictions and delete arbitrary attachments. | |||||
CVE-2012-5557 | 2 Drupal, User Read-only Project | 2 Drupal, User Readonly | 2024-02-28 | 3.6 LOW | N/A |
The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain operations, as demonstrated by changing a password. |