Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5472 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
| lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field. | |||||
| CVE-2012-4554 | 1 Drupal | 1 Drupal | 2024-02-28 | 5.0 MEDIUM | N/A |
| The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file. | |||||
| CVE-2012-4566 | 1 Uninett | 1 Radsecproxy | 2024-02-28 | 6.4 MEDIUM | N/A |
| The DTLS support in radsecproxy before 1.6.2 does not properly verify certificates when there are configuration blocks with CA settings that are unrelated to the block being used for verifying the certificate chain, which might allow remote attackers to bypass intended access restrictions and spoof clients, a different vulnerability than CVE-2012-4523. | |||||
| CVE-2012-4586 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2024-02-28 | 3.5 LOW | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file. | |||||
| CVE-2012-5539 | 2 Drupal, Organic Groups Project | 2 Drupal, Organic Groups | 2024-02-28 | 3.5 LOW | N/A |
| The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved. | |||||
| CVE-2012-4510 | 1 Cups-pk-helper Project | 1 Cups-pk-helper | 2024-02-28 | 5.8 MEDIUM | N/A |
| cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS resources. | |||||
| CVE-2013-2866 | 1 Google | 2 Chrome, Chrome Os | 2024-02-28 | 4.3 MEDIUM | N/A |
| The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property. | |||||
| CVE-2012-1118 | 1 Mantisbt | 1 Mantisbt | 2024-02-28 | 4.3 MEDIUM | N/A |
| The access_has_bug_level function in core/access_api.php in MantisBT before 1.2.9 does not properly restrict access when the private_bug_view_threshold is set to an array, which allows remote attackers to bypass intended restrictions and perform certain operations on private bug reports. | |||||
| CVE-2012-0205 | 1 Ibm | 2 Infosphere Information Server, Infosphere Metadata Workbench | 2024-02-28 | 6.5 MEDIUM | N/A |
| InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors. | |||||
| CVE-2012-0798 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.5 MEDIUM | N/A |
| The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. | |||||
| CVE-2012-6355 | 1 Ibm | 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 4 more | 2024-02-28 | 6.5 MEDIUM | N/A |
| IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order. | |||||
| CVE-2013-5538 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506. | |||||
| CVE-2012-3713 | 1 Apple | 1 Safari | 2024-02-28 | 4.3 MEDIUM | N/A |
| Apple Safari before 6.0.1 does not properly handle the Quarantine attribute of HTML documents, which allows user-assisted remote attackers to read arbitrary files by leveraging the presence of a downloaded document. | |||||
| CVE-2013-0918 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | N/A |
| Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site. | |||||
| CVE-2013-4566 | 2 Mod Nss Project, Redhat | 2 Mod Nss, Enterprise Linux | 2024-02-28 | 4.0 MEDIUM | N/A |
| mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting in the directory context, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2012-0434 | 1 Novell | 1 Suse Cloud | 2024-02-28 | 10.0 HIGH | N/A |
| The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors. | |||||
| CVE-2012-4587 | 1 Mcafee | 2 Enterprise Mobility Manager, Enterprise Mobility Manager Agent | 2024-02-28 | 3.5 LOW | N/A |
| McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device. | |||||
| CVE-2012-5629 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform | 2024-02-28 | 7.5 HIGH | N/A |
| The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authentication via an empty password. | |||||
| CVE-2013-3985 | 1 Ibm | 1 Lotus Sametime | 2024-02-28 | 2.9 LOW | N/A |
| The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable. | |||||
| CVE-2013-1290 | 1 Microsoft | 1 Sharepoint Server | 2024-02-28 | 3.5 LOW | N/A |
| Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability." | |||||