Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-4904 | 1 Dootzky | 1 Oblog | 2024-02-28 | 5.0 MEDIUM | N/A |
article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action. | |||||
CVE-2011-2677 | 1 Cybozu | 1 Office | 2024-02-28 | 5.5 MEDIUM | N/A |
Cybozu Office before 8.0.0 allows remote authenticated users to bypass intended access restrictions and access sensitive information (time card and attendance) via unspecified vectors related to manipulation of a URL. | |||||
CVE-2011-0539 | 1 Openbsd | 1 Openssh | 2024-02-28 | 5.0 MEDIUM | N/A |
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks. | |||||
CVE-2010-1754 | 1 Apple | 2 Iphone Os, Ipod Touch | 2024-02-28 | 6.9 MEDIUM | N/A |
Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does not properly handle alert-based unlocks in conjunction with subsequent Remote Lock operations through MobileMe, which allows physically proximate attackers to bypass intended passcode requirements via unspecified vectors. | |||||
CVE-2010-3196 | 1 Ibm | 1 Db2 | 2024-02-28 | 3.5 LOW | N/A |
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. | |||||
CVE-2011-3376 | 1 Apache | 1 Tomcat | 2024-02-28 | 4.4 MEDIUM | N/A |
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality. | |||||
CVE-2010-3893 | 1 Ibm | 1 Omnifind | 2024-02-28 | 7.5 HIGH | N/A |
The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue. | |||||
CVE-2010-5073 | 1 Google | 1 Chrome | 2024-02-28 | 5.0 MEDIUM | N/A |
The JavaScript implementation in Google Chrome 4 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. NOTE: this may overlap CVE-2010-5070. | |||||
CVE-2011-2157 | 1 Smartertools | 1 Smarterstats | 2024-02-28 | 5.0 MEDIUM | N/A |
The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields. | |||||
CVE-2010-4045 | 1 Opera | 1 Opera Browser | 2024-02-28 | 9.3 HIGH | N/A |
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context. | |||||
CVE-2012-0396 | 1 Emc | 1 Documentum Xplore | 2024-02-28 | 4.0 MEDIUM | N/A |
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search. | |||||
CVE-2010-4602 | 1 Ibm | 1 Rational Clearquest | 2024-02-28 | 4.0 MEDIUM | N/A |
The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and 7.1.2.x before 7.1.2.1 allows remote authenticated users to bypass "restricted user" limitations, and read arbitrary records, via a modified record number in the URL for a RECORD action, as demonstrated by a modified bookmark. | |||||
CVE-2010-3829 | 1 Apple | 1 Iphone Os | 2024-02-28 | 5.8 MEDIUM | N/A |
WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to CVE-2010-3813. | |||||
CVE-2009-5008 | 1 Cisco | 1 Secure Desktop | 2024-02-28 | 2.1 LOW | N/A |
Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. | |||||
CVE-2010-1130 | 1 Php | 1 Php | 2024-02-28 | 5.0 MEDIUM | N/A |
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode restrictions via an argument that contains multiple ; characters in conjunction with a .. (dot dot). | |||||
CVE-2008-7296 | 1 Apple | 1 Safari | 2024-02-28 | 5.8 MEDIUM | N/A |
Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | |||||
CVE-2011-1582 | 1 Apache | 1 Tomcat | 2024-02-28 | 4.3 MEDIUM | N/A |
Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419. | |||||
CVE-2011-2385 | 1 Otrs | 2 Iphonehandle, Otrs | 2024-02-28 | 6.5 MEDIUM | N/A |
The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors. | |||||
CVE-2010-1641 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.6 MEDIUM | N/A |
The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel before 2.6.34-git10 does not verify the ownership of a file, which allows local users to bypass intended access restrictions via a SETFLAGS ioctl request. | |||||
CVE-2008-7282 | 1 Otrs | 1 Otrs | 2024-02-28 | 4.6 MEDIUM | N/A |
Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors. |