Total
5467 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3280 | 1 Emc | 1 Rsa Authentication Agent | 2025-04-11 | 7.5 HIGH | N/A |
| EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that trigger an agent crash. | |||||
| CVE-2011-2368 | 1 Mozilla | 1 Firefox | 2025-04-11 | 10.0 HIGH | N/A |
| The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2012-5966 | 1 Dlink | 1 Dsl-2730u | 2025-04-11 | 4.0 MEDIUM | N/A |
| The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command. | |||||
| CVE-2011-2740 | 2 Emc, Mozilla | 2 Rsa Key Manager Appliance, Firefox | 2025-04-11 | 9.3 HIGH | N/A |
| EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||||
| CVE-2010-0215 | 1 Activecollab | 1 Activecollab | 2025-04-11 | 6.0 MEDIUM | N/A |
| ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL. | |||||
| CVE-2011-1312 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.31 and 7.x before 7.0.0.15 does not prevent modifications of the primary admin id, which allows remote authenticated administrators to bypass intended access restrictions by mapping a (1) user or (2) group to an administrator role. | |||||
| CVE-2012-4487 | 2 Boombatower, Drupal | 2 Subuser, Drupal | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they created. | |||||
| CVE-2012-5155 | 2 Apple, Google | 2 Mac Os X, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2012-4402 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.9 MEDIUM | N/A |
| webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service. | |||||
| CVE-2011-4285 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
| The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role. | |||||
| CVE-2013-0829 | 1 Google | 1 Chrome | 2025-04-11 | 6.4 MEDIUM | N/A |
| Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors. | |||||
| CVE-2012-3560 | 1 Opera | 1 Opera Browser | 2025-04-11 | 4.3 MEDIUM | N/A |
| Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page. | |||||
| CVE-2012-3323 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 6.8 MEDIUM | N/A |
| IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2013-3898 | 1 Microsoft | 2 Windows 8, Windows Server 2012 | 2025-04-11 | 7.9 HIGH | N/A |
| Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows guest OS users to cause a denial of service (host OS crash), via a guest-to-host hypercall with a crafted function parameter, aka "Address Corruption Vulnerability." | |||||
| CVE-2010-0218 | 1 Isc | 1 Bind | 2025-04-11 | 5.0 MEDIUM | N/A |
| ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired (RD) queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query. | |||||
| CVE-2013-6660 | 1 Google | 1 Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| The drag-and-drop implementation in Google Chrome before 33.0.1750.117 does not properly restrict the information in WebDropData data structures, which allows remote attackers to discover full pathnames via a crafted web site. | |||||
| CVE-2010-2693 | 1 Freebsd | 1 Freebsd | 2025-04-11 | 7.2 HIGH | N/A |
| FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via the sendfile system call. | |||||
| CVE-2012-4816 | 1 Ibm | 1 Rational Automation Framework | 2025-04-11 | 7.5 HIGH | N/A |
| IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080. | |||||
| CVE-2010-3223 | 1 Microsoft | 1 Windows Server 2008 | 2025-04-11 | 7.5 HIGH | N/A |
| The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability." | |||||
| CVE-2010-2237 | 1 Libvirt | 1 Libvirt | 2025-04-11 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | |||||