Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0127 | 1 Ibm | 1 Lotus Notes | 2024-02-28 | 5.8 MEDIUM | N/A |
| IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49. | |||||
| CVE-2012-5864 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2024-02-28 | 10.0 HIGH | N/A |
| The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php. | |||||
| CVE-2012-3579 | 1 Symantec | 1 Messaging Gateway | 2024-02-28 | 7.9 HIGH | N/A |
| Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. | |||||
| CVE-2013-3666 | 2 Google, Lg | 2 Android, Optimus G E973 | 2024-02-28 | 7.2 HIGH | N/A |
| The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button. | |||||
| CVE-2013-3506 | 1 Gwos | 1 Groundwork Monitor | 2024-02-28 | 7.5 HIGH | N/A |
| cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality. | |||||
| CVE-2013-4340 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 3.5 LOW | N/A |
| wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter. | |||||
| CVE-2012-3494 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 2.1 LOW | N/A |
| The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register. | |||||
| CVE-2011-2709 | 1 Umich | 2 Libgssapi, Libgssglue | 2024-02-28 | 6.2 MEDIUM | N/A |
| libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs. | |||||
| CVE-2013-4613 | 1 Canon | 9 Mg3100 Printer, Mg5300 Printer, Mg6100 Printer and 6 more | 2024-02-28 | 7.5 HIGH | N/A |
| The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password." | |||||
| CVE-2012-5603 | 1 Redhat | 1 Cloudforms | 2024-02-28 | 5.5 MEDIUM | N/A |
| proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system. | |||||
| CVE-2013-3859 | 1 Microsoft | 2 Office, Pinyin Ime | 2024-02-28 | 6.9 MEDIUM | N/A |
| Microsoft Pinyin IME 2010, when used in conjunction with Microsoft Office 2010 SP1, does not properly restrict configuration options, which allows local users to gain privileges by starting Internet Explorer from the IME toolbar, aka "Chinese IME Vulnerability." | |||||
| CVE-2013-2203 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 4.3 MEDIUM | N/A |
| WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an XMLHttpRequest error message. | |||||
| CVE-2013-2355 | 1 Hp | 1 System Management Homepage | 2024-02-28 | 5.0 MEDIUM | N/A |
| HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2012-5217. | |||||
| CVE-2012-2355 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | |||||
| CVE-2012-3542 | 1 Openstack | 2 Essex, Horizon | 2024-02-28 | 4.3 MEDIUM | N/A |
| OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex (2012.1), allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly assigned to an open redirect issue, but the correct identifier for that issue is CVE-2012-3540. | |||||
| CVE-2013-4439 | 1 Saltstack | 1 Salt | 2024-02-28 | 4.9 MEDIUM | N/A |
| Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. | |||||
| CVE-2013-1285 | 1 Microsoft | 7 Windows 7, Windows 8, Windows Server 2003 and 4 more | 2024-02-28 | 7.2 HIGH | N/A |
| The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287. | |||||
| CVE-2012-4861 | 1 Ibm | 1 Infosphere Replication Server | 2024-02-28 | 4.0 MEDIUM | N/A |
| The web server in InfoSphere Data Replication Dashboard in IBM InfoSphere Replication Server 9.7 and 10.1 through 10.1.0.4 allows remote authenticated users to list directories via a direct request for a directory URL. | |||||
| CVE-2013-6945 | 1 Osehra | 1 Vista | 2024-02-28 | 7.5 HIGH | N/A |
| The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw." | |||||
| CVE-2013-2876 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-02-28 | 5.0 MEDIUM | N/A |
| browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a previous page via vectors involving an interstitial page. | |||||