Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4211 | 1 Google | 1 App Engine Python Sdk | 2024-02-28 | 7.2 HIGH | N/A |
| The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364. | |||||
| CVE-2011-0995 | 2 Novell, Rubyforge | 2 Suse Linux Enterprise, Rubygem-sqlite3 | 2024-02-28 | 2.1 LOW | N/A |
| The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 in SUSE Linux Enterprise (SLE) 11 SP1 uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | |||||
| CVE-2010-0306 | 1 Kvm Qumranet | 1 Kvm | 2024-02-28 | 4.1 MEDIUM | N/A |
| The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298. | |||||
| CVE-2011-1005 | 1 Ruby-lang | 1 Ruby | 2024-02-28 | 5.0 MEDIUM | N/A |
| The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by changing an intended pathname. | |||||
| CVE-2011-3230 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2024-02-28 | 6.8 MEDIUM | N/A |
| Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site. | |||||
| CVE-2011-3645 | 1 Newgensoft | 1 Omnidocs | 2024-02-28 | 7.5 HIGH | N/A |
| Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user. | |||||
| CVE-2011-1898 | 1 Citrix | 1 Xen | 2024-02-28 | 7.4 HIGH | N/A |
| Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers." | |||||
| CVE-2009-4832 | 1 Deslock | 1 Deslock\+ | 2024-02-28 | 7.2 HIGH | N/A |
| The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device. | |||||
| CVE-2010-0215 | 1 Activecollab | 1 Activecollab | 2024-02-28 | 6.0 MEDIUM | N/A |
| ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL. | |||||
| CVE-2010-0825 | 1 Gnu | 1 Emacs | 2024-02-28 | 4.4 MEDIUM | N/A |
| lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. | |||||
| CVE-2011-0466 | 1 Novell | 1 Opensuse Build Service | 2024-02-28 | 6.4 MEDIUM | N/A |
| The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2.1.x before 2.1.6 allows attackers to bypass intended write-access restrictions and modify a (1) package or (2) project via unspecified vectors. | |||||
| CVE-2009-2822 | 1 Apple | 2 Airport Base Station, Airport Utility | 2024-02-28 | 6.8 MEDIUM | N/A |
| AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. | |||||
| CVE-2010-0734 | 1 Curl | 1 Libcurl | 2024-02-28 | 6.8 MEDIUM | N/A |
| content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. | |||||
| CVE-2009-4820 | 1 Aspindir | 1 Angelo-emlak | 2024-02-28 | 5.0 MEDIUM | N/A |
| Angelo-Emlak 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for veribaze/angelo.mdb. | |||||
| CVE-2011-1658 | 1 Gnu | 1 Glibc | 2024-02-28 | 3.7 LOW | N/A |
| ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier expands the $ORIGIN dynamic string token when RPATH is composed entirely of this token, which might allow local users to gain privileges by creating a hard link in an arbitrary directory to a (1) setuid or (2) setgid program with this RPATH value, and then executing the program with a crafted value for the LD_PRELOAD environment variable, a different vulnerability than CVE-2010-3847 and CVE-2011-0536. NOTE: it is not expected that any standard operating-system distribution would ship an applicable setuid or setgid program. | |||||
| CVE-2012-0366 | 1 Cisco | 1 Unity Connection | 2024-02-28 | 9.0 HIGH | N/A |
| Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. | |||||
| CVE-2011-4608 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-02-28 | 7.5 HIGH | N/A |
| mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints. | |||||
| CVE-2011-0227 | 1 Apple | 1 Iphone Os | 2024-02-28 | 7.2 HIGH | N/A |
| The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. | |||||
| CVE-2007-6734 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-02-28 | 4.0 MEDIUM | N/A |
| NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 does not properly implement the FTPREST.TXT NOREMOTE restriction, which allows remote authenticated users to access directories outside of the home server via unspecified vectors. | |||||
| CVE-2010-2693 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.2 HIGH | N/A |
| FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call. | |||||