Total
1767 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4161 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. | |||||
| CVE-2013-3323 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | |||||
| CVE-2013-2625 | 3 Debian, Opensuse, Otrs | 5 Debian Linux, Opensuse, Faq and 2 more | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified | |||||
| CVE-2013-2016 | 3 Debian, Novell, Qemu | 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. | |||||
| CVE-2013-2012 | 2 Autojump Project, Debian | 2 Autojump, Debian Linux | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. | |||||
| CVE-2013-0643 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. | |||||
| CVE-2013-0293 | 1 Ovirt | 1 Node | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation | |||||
| CVE-2012-6639 | 3 Canonical, Debian, Suse | 3 Cloud-init, Debian Linux, Linux Enterprise Server | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data. | |||||
| CVE-2012-6302 | 1 Soapbox Project | 1 Soapbox | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox. | |||||
| CVE-2012-5663 | 1 Openbsd | 1 Textproc\/isearch | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp). | |||||
| CVE-2012-5617 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| gksu-polkit: permissive PolicyKit policy configuration file allows privilege escalation | |||||
| CVE-2012-5376 | 1 Google | 1 Chrome | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
| The Inter-process Communication (IPC) implementation in Google Chrome before 22.0.1229.94 allows remote attackers to bypass intended sandbox restrictions and write to arbitrary files by leveraging access to a renderer process, a different vulnerability than CVE-2012-5112. | |||||
| CVE-2012-4767 | 1 Safend | 1 Data Protector Agent | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine. | |||||
| CVE-2012-4761 | 1 Safend | 1 Data Protector Agent | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges. | |||||
| CVE-2012-4760 | 1 Safend | 1 Data Protector Agent | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges. | |||||
| CVE-2012-4606 | 1 Citrix | 1 Xenserver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges. | |||||
| CVE-2012-4480 | 2 Fedoraproject, Ovirt | 2 Fedora, Mom | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| mom creates world-writable pid files in /var/run | |||||
| CVE-2012-3993 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-11-21 | 9.3 HIGH | N/A |
| The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an "XrayWrapper pollution" issue. | |||||
| CVE-2012-2312 | 1 Redhat | 2 Jboss Application Server, Jboss Enterprise Application Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges. | |||||
| CVE-2012-2148 | 2 Linux, Redhat | 3 Linux Kernel, Jboss Community Application Server, Jboss Enterprise Web Server | 2024-11-21 | 1.9 LOW | 3.3 LOW |
| An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | |||||