Total
5457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0228 | 1 Invensys | 1 Wonderware Information Server | 2025-04-11 | 7.5 HIGH | N/A |
| Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2010-5276 | 2 Drupal, Memcache Project | 2 Drupal, Memcache | 2025-04-11 | 4.3 MEDIUM | N/A |
| The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal does not properly handle the $user object in memcache_admin, which might "lead to a role change not being recognized until the user logs in again." | |||||
| CVE-2010-0978 | 1 Kmsoft | 1 Guestbook | 2025-04-11 | 5.0 MEDIUM | N/A |
| KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb. | |||||
| CVE-2013-4033 | 1 Ibm | 2 Db2, Db2 Connect | 2025-04-11 | 4.6 MEDIUM | N/A |
| IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. | |||||
| CVE-2013-4964 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | 5.0 MEDIUM | N/A |
| Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2010-2363 | 1 Iij | 6 Seil\/b1, Seil\/b1 Firmware, Seil\/x1 and 3 more | 2025-04-11 | 5.8 MEDIUM | N/A |
| The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the SEIL/X1, SEIL/X2, and SEIL/B1 routers with firmware 1.00 through 2.73, when strict mode is used, does not properly drop packets, which might allow remote attackers to bypass intended access restrictions via a spoofed IP address. | |||||
| CVE-2011-0706 | 2 Redhat, Sun | 2 Icedtea-web, Jdk | 2025-04-11 | 7.5 HIGH | N/A |
| The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." | |||||
| CVE-2013-5187 | 1 Apple | 1 Mac Os X | 2025-04-11 | 1.9 LOW | N/A |
| The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | |||||
| CVE-2012-4677 | 1 Google | 1 Tunnelblick | 2025-04-11 | 4.4 MEDIUM | N/A |
| Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | |||||
| CVE-2011-2777 | 1 Tedfelix | 1 Acpid2 | 2025-04-11 | 4.4 MEDIUM | N/A |
| samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands. | |||||
| CVE-2011-1249 | 1 Microsoft | 6 Windows 2003 Server, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
| The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." | |||||
| CVE-2012-3558 | 1 Opera | 1 Opera Browser | 2025-04-11 | 2.6 LOW | N/A |
| Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during unusually timed changes to this field, which makes it easier for user-assisted remote attackers to conduct spoofing attacks via vectors involving navigation, reloads, and redirects. | |||||
| CVE-2010-0064 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.9 MEDIUM | N/A |
| DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ownership during an authenticated Finder copy, which might allow local users to bypass intended disk-quota restrictions and have unspecified other impact by copying files owned by other users. | |||||
| CVE-2012-0299 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 10.0 HIGH | N/A |
| The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors. | |||||
| CVE-2009-4874 | 1 Scripts.oldguy | 1 Talkback | 2025-04-11 | 6.4 MEDIUM | N/A |
| TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments. | |||||
| CVE-2013-4452 | 1 Redhat | 1 Jboss Operations Network | 2025-04-11 | 2.1 LOW | N/A |
| Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files. | |||||
| CVE-2011-1551 | 1 Novell | 1 Opensuse Factory | 2025-04-11 | 6.9 MEDIUM | N/A |
| SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon. | |||||
| CVE-2011-2143 | 1 Ibm | 1 Datacap Taskmaster Capture | 2025-04-11 | 6.8 MEDIUM | N/A |
| IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows Authentication is enabled, allows remote attackers to obtain login access by using an incorrect password in conjunction with an account name from a different domain. | |||||
| CVE-2012-3386 | 1 Gnu | 1 Automake | 2025-04-11 | 4.4 MEDIUM | N/A |
| The "make distcheck" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-1757 | 1 Apple | 2 Iphone Os, Ipod Touch | 2025-04-11 | 6.4 MEDIUM | N/A |
| WebKit in Apple iOS before 4 on the iPhone and iPod touch does not enforce the expected boundary restrictions on content display by an IFRAME element, which allows remote attackers to spoof the user interface via a crafted HTML document. | |||||