Total
5467 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1903 | 1 Postgresql | 1 Postgresql | 2025-04-11 | 10.0 HIGH | N/A |
| PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors. | |||||
| CVE-2013-1897 | 1 Fedoraproject | 1 389 Directory Server | 2025-04-11 | 2.6 LOW | N/A |
| The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search. | |||||
| CVE-2010-2657 | 3 Apple, Microsoft, Opera | 3 Macos, Windows, Opera Browser | 2025-04-11 | 9.3 HIGH | N/A |
| Opera before 10.60 on Windows and Mac OS X does not properly prevent certain double-click operations from running a program located on a web site, which allows user-assisted remote attackers to execute arbitrary code via a crafted web page that bypasses a dialog. | |||||
| CVE-2013-4609 | 2 Project-redcap, Vanderbilt | 2 Redcap, Redcap | 2025-04-11 | 6.5 MEDIUM | N/A |
| REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain undocumented syntax within branching logic and calculations, which allows remote authenticated users to bypass intended access restrictions via (1) the Online Designer or (2) the Data Dictionary upload, as demonstrated by an eval call. | |||||
| CVE-2012-3546 | 1 Apache | 1 Tomcat | 2025-04-11 | 4.3 MEDIUM | N/A |
| org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI. | |||||
| CVE-2013-5975 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
| The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2011-4867 | 2 Android, Tencent | 2 Android, Qqpphoto | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a crafted application. | |||||
| CVE-2011-1665 | 1 Phpboost | 1 Phpboost | 2025-04-11 | 5.0 MEDIUM | N/A |
| PHPBoost 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain backup SQL files via a direct request for predictable filenames in cache/backup/. | |||||
| CVE-2011-1847 | 1 Ibm | 1 Db2 | 2025-04-11 | 4.9 MEDIUM | N/A |
| IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-0924 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors. | |||||
| CVE-2010-0575 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-3034. | |||||
| CVE-2013-6955 | 1 Synology | 1 Diskstation Manager | 2025-04-11 | 10.0 HIGH | N/A |
| webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. | |||||
| CVE-2007-6735 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not properly handle partial matches for container names in the FTPREST.TXT file, which allows remote attackers to bypass intended access restrictions via an FTP session. | |||||
| CVE-2013-0922 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors. | |||||
| CVE-2011-3645 | 1 Newgensoft | 1 Omnidocs | 2025-04-11 | 7.5 HIGH | N/A |
| Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user. | |||||
| CVE-2013-1345 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2025-04-11 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability." | |||||
| CVE-2013-5522 | 1 Cisco | 2 Catalyst 3750-x, Ios | 2025-04-11 | 6.8 MEDIUM | N/A |
| Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286. | |||||
| CVE-2013-5153 | 1 Apple | 1 Iphone Os | 2025-04-11 | 2.1 LOW | N/A |
| Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | |||||
| CVE-2013-6026 | 3 Alphanetworks, Dlink, Planex | 13 Vdsl Asl-55052, Vdsl Asl-56552, Di-524up and 10 more | 2025-04-11 | 10.0 HIGH | N/A |
| The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013. | |||||
| CVE-2013-0454 | 3 Canonical, Ibm, Samba | 3 Ubuntu Linux, Storwize, Samba | 2025-04-11 | 4.0 MEDIUM | N/A |
| The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter. | |||||