Total
5457 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-7293 | 1 Mozilla | 1 Firefox | 2025-04-11 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | |||||
| CVE-2010-3713 | 1 Usebb | 1 Usebb | 2025-04-11 | 4.3 MEDIUM | N/A |
| rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed. | |||||
| CVE-2010-3321 | 1 Rsa | 1 Authentication Client | 2025-04-11 | 1.5 LOW | N/A |
| RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests. | |||||
| CVE-2010-3738 | 1 Ibm | 1 Db2 | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. | |||||
| CVE-2012-1515 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | 8.3 HIGH | N/A |
| VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine. | |||||
| CVE-2012-1450 | 3 Emsisoft, Ikarus, Sophos | 3 Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner, Sophos Anti-virus | 2025-04-11 | 4.3 MEDIUM | N/A |
| The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos Anti-Virus 4.61.0, and Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0 allows remote attackers to bypass malware detection via a CAB file with a modified reserved3 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2014-0672 | 1 Cisco | 1 Mediasense | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface. | |||||
| CVE-2011-4925 | 2 Cluster Resources, Clusterresources | 2 Torque Resource Manager, Torque Resource Manager | 2025-04-11 | 4.9 MEDIUM | N/A |
| Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors. | |||||
| CVE-2011-0539 | 1 Openbsd | 1 Openssh | 2025-04-11 | 5.0 MEDIUM | N/A |
| The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks. | |||||
| CVE-2011-4613 | 4 Canonical, Debian, Ubuntu and 1 more | 4 Ubuntu Linux, Debian Linux, Linux and 1 more | 2025-04-11 | 4.6 MEDIUM | N/A |
| The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY. | |||||
| CVE-2014-0262 | 1 Microsoft | 1 Windows 7 | 2025-04-11 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability." | |||||
| CVE-2013-6886 | 3 Apple, Linux, Realvnc | 3 Mac Os X, Linux Kernel, Realvnc | 2025-04-11 | 7.2 HIGH | N/A |
| RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. | |||||
| CVE-2012-2120 | 1 Debian | 1 Texlive-extra-utils | 2025-04-11 | 3.3 LOW | N/A |
| latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. | |||||
| CVE-2013-4672 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2025-04-11 | 7.2 HIGH | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command. | |||||
| CVE-2013-2997 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 1.7 LOW | N/A |
| IBM Security AppScan Enterprise before 8.7 does not invalidate the session context upon a logout action, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | |||||
| CVE-2014-1626 | 1 Galen Charlton | 1 Marc-xml | 2025-04-11 | 5.0 MEDIUM | N/A |
| XML External Entity (XXE) vulnerability in MARC::File::XML module before 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other products, allows context-dependent attackers to read arbitrary files via a crafted XML file. | |||||
| CVE-2013-4325 | 1 Hp | 1 Linux Imaging And Printing Project | 2025-04-11 | 6.9 MEDIUM | N/A |
| The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process. | |||||
| CVE-2010-1408 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to bypass intended restrictions on outbound connections to "non-default TCP ports" via a crafted port number, related to an "integer truncation issue." NOTE: this may overlap CVE-2010-1099. | |||||
| CVE-2011-4216 | 1 Investintech | 1 Slimpdf Reader | 2025-04-11 | 9.3 HIGH | N/A |
| Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. | |||||
| CVE-2013-2190 | 2 Clutter Project, Opensuse | 2 Clutter, Opensuse | 2025-04-11 | 2.1 LOW | N/A |
| The translate_hierarchy_event function in x11/clutter-device-manager-xi2.c in Clutter, when resuming the system, does not properly handle XIQueryDevice errors when a device has "disappeared," which causes the gnome-shell to crash and allows physically proximate attackers to access the previous gnome-shell session via unspecified vectors. | |||||