Total
5467 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4328 | 1 Gnu | 1 Gnash | 2025-04-11 | 5.0 MEDIUM | N/A |
| plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information. | |||||
| CVE-2011-4300 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.0 MEDIUM | N/A |
| The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file. | |||||
| CVE-2010-2296 | 1 Google | 1 Chrome | 2025-04-11 | 9.3 HIGH | N/A |
| The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors. | |||||
| CVE-2012-1454 | 6 Aladdin, Drweb, Fortinet and 3 more | 6 Esafe, Dr.web Antivirus, Fortinet Antivirus and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee Gateway (formerly Webwasher) 2010.1C, Rising Antivirus 22.83.00.03, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified ei_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
| CVE-2011-4308 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. | |||||
| CVE-2013-4459 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2025-04-11 | 3.3 LOW | N/A |
| LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account. | |||||
| CVE-2013-0838 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors. | |||||
| CVE-2010-5296 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.9 MEDIUM | N/A |
| wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action. | |||||
| CVE-2010-1894 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2025-04-11 | 7.2 HIGH | N/A |
| The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability." | |||||
| CVE-2010-1671 | 1 Pharscape | 1 Hsolink | 2025-04-11 | 7.2 HIGH | N/A |
| hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via shell metacharacters in command-line arguments, as demonstrated by the second argument in a down action. | |||||
| CVE-2012-1122 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 3.6 LOW | N/A |
| bug_actiongroup.php in MantisBT before 1.2.9 does not properly check the report_bug_threshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the report_bug_threshold and move_bug_threshold privileges for a project to bypass intended access restrictions and move bug reports to a different project. | |||||
| CVE-2014-0649 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 9.0 HIGH | N/A |
| The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180. | |||||
| CVE-2012-5519 | 2 Apple, Debian | 2 Cups, Debian Linux | 2025-04-11 | 7.2 HIGH | N/A |
| CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. | |||||
| CVE-2011-1584 | 1 Dotclear | 1 Dotclear | 2025-04-11 | 6.5 MEDIUM | N/A |
| The updateFile function in inc/core/class.dc.media.php in the Media Manager in Dotclear before 2.2.3 does not properly restrict pathnames, which allows remote authenticated users to upload and execute arbitrary PHP code via the media_path or media_file parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-5019 | 1 Webwiz | 1 Web Wiz Newspad | 2025-04-11 | 5.0 MEDIUM | N/A |
| Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb. | |||||
| CVE-2010-1736 | 1 Aspindir | 1 Krm Haber | 2025-04-11 | 5.0 MEDIUM | N/A |
| KrM Haber 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for d_atabase/Krmdb.mdb. | |||||
| CVE-2012-3295 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors. | |||||
| CVE-2012-4833 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | 2.1 LOW | N/A |
| fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly restrict the -k option, which allows local users to kill arbitrary processes via a crafted command line. | |||||
| CVE-2011-4589 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
| backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action. | |||||
| CVE-2013-0168 | 1 Redhat | 1 Enterprise Virtualization Manager | 2025-04-11 | 4.0 MEDIUM | N/A |
| The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. | |||||