Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1907 | 1 Privawall | 1 Privawall Antivirus | 2024-02-28 | 4.3 MEDIUM | N/A |
| The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML (aka Open Document XML) file format, which allows remote attackers to bypass malware detection via a crafted file embedded in a WordML document. | |||||
| CVE-2011-4945 | 1 Michael Biebl | 1 Policykit | 2024-02-28 | 6.9 MEDIUM | N/A |
| PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication. | |||||
| CVE-2011-4127 | 2 Linux, Suse | 2 Linux Kernel, Linux Enterprise Server | 2024-02-28 | 4.6 MEDIUM | N/A |
| The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume. | |||||
| CVE-2013-0168 | 1 Redhat | 1 Enterprise Virtualization Manager | 2024-02-28 | 4.0 MEDIUM | N/A |
| The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. | |||||
| CVE-2012-3365 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
| The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | |||||
| CVE-2013-4477 | 1 Openstack | 2 Grizzly, Havana | 2024-02-28 | 3.3 LOW | N/A |
| The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges. | |||||
| CVE-2012-1120 | 1 Mantisbt | 1 Mantisbt | 2024-02-28 | 3.6 LOW | N/A |
| The SOAP API in MantisBT before 1.2.9 does not properly enforce the bugnote_allow_user_edit_delete and delete_bug_threshold permissions, which allows remote authenticated users with read and write SOAP API privileges to delete arbitrary bug reports and bug notes. | |||||
| CVE-2013-2239 | 1 Openvz | 1 Vzkernel | 2024-02-28 | 4.7 MEDIUM | N/A |
| vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via (1) a crafted ploop driver ioctl call, related to the ploop_getdevice_ioc function in drivers/block/ploop/dev.c, or (2) a crafted quotactl system call, related to the compat_quotactl function in fs/quota/quota.c. | |||||
| CVE-2010-5142 | 1 Opscode | 1 Chef | 2024-02-28 | 6.5 MEDIUM | N/A |
| chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI. | |||||
| CVE-2012-3383 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 2.6 LOW | N/A |
| The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text. | |||||
| CVE-2012-4542 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.6 MEDIUM | N/A |
| block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes. | |||||
| CVE-2012-3369 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform, Jboss Enterprise Web Platform | 2024-02-28 | 4.0 MEDIUM | N/A |
| The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used. | |||||
| CVE-2013-4609 | 2 Project-redcap, Vanderbilt | 2 Redcap, Redcap | 2024-02-28 | 6.5 MEDIUM | N/A |
| REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call. | |||||
| CVE-2013-4987 | 1 Pineapp | 1 Mail-secure | 2024-02-28 | 8.5 HIGH | N/A |
| PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command. | |||||
| CVE-2012-2565 | 1 Bloxx | 1 Web Filtering | 2024-02-28 | 5.8 MEDIUM | N/A |
| Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. | |||||
| CVE-2012-5879 | 1 Mcafee | 2 Epo Mcafee Virtual Technician, Mcafee Virtual Technician | 2024-02-28 | 8.2 HIGH | N/A |
| An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician (MVT) and ePO-MVT 6.5.0.2101 and earlier allows remote attackers to modify or create arbitrary files via a full pathname argument to the Save method. | |||||
| CVE-2012-1833 | 1 Springsource | 1 Grails | 2024-02-28 | 5.0 MEDIUM | N/A |
| VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application. | |||||
| CVE-2013-2296 | 1 Eucalyptus | 1 Eucalyptus | 2024-02-28 | 5.5 MEDIUM | N/A |
| Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request. | |||||
| CVE-2011-2777 | 1 Tedfelix | 1 Acpid2 | 2024-02-28 | 4.4 MEDIUM | N/A |
| samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands. | |||||
| CVE-2013-4025 | 1 Ibm | 4 Data Studio Web Console, Db2 Recovery Expert, Infosphere Optim Configuration Manager and 1 more | 2024-02-28 | 1.9 LOW | N/A |
| IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||