Total
5457 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4729 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 5.5 MEDIUM | N/A |
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request. | |||||
CVE-2011-3014 | 1 Novell | 2 Data Synchronizer, Mobility Pack | 2025-04-11 | 5.0 MEDIUM | N/A |
The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensitive information by leveraging an unattended workstation. | |||||
CVE-2013-1662 | 1 Vmware | 2 Player, Workstation | 2025-04-11 | 6.9 MEDIUM | N/A |
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. | |||||
CVE-2012-1641 | 2 Danielb, Drupal | 2 Finder, Drupal | 2025-04-11 | 6.0 MEDIUM | N/A |
The finder_import function in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote authenticated users with the administer finder permission to execute arbitrary PHP code via admin/build/finder/import. | |||||
CVE-2013-6180 | 1 Emc | 2 Rsa Netwitness Nextgen, Rsa Security Analytics | 2025-04-11 | 6.8 MEDIUM | N/A |
EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent. | |||||
CVE-2013-3880 | 1 Microsoft | 3 Windows 8, Windows Rt, Windows Server 2012 | 2025-04-11 | 3.5 LOW | N/A |
The App Container feature in the kernel-mode drivers in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to bypass intended access restrictions and obtain sensitive information from a different container via a Trojan horse application, aka "App Container Elevation of Privilege Vulnerability." | |||||
CVE-2011-4961 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 6.0 MEDIUM | N/A |
SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups. | |||||
CVE-2013-5191 | 1 Apple | 1 Mac Os X | 2025-04-11 | 2.1 LOW | N/A |
The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions. | |||||
CVE-2012-2225 | 1 360zip | 1 360zip | 2025-04-11 | 7.5 HIGH | N/A |
360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction. | |||||
CVE-2012-5218 | 1 Hp | 1 Elitepad | 2025-04-11 | 7.2 HIGH | N/A |
HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating systems via unspecified vectors. | |||||
CVE-2012-2352 | 1 Sympa | 1 Sympa | 2025-04-11 | 7.5 HIGH | N/A |
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions. | |||||
CVE-2012-3441 | 1 Icinga | 1 Icinga | 2025-04-11 | 7.5 HIGH | N/A |
The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors. | |||||
CVE-2011-2547 | 1 Cisco | 4 Sa500 Software, Sa520, Sa520w and 1 more | 2025-04-11 | 9.0 HIGH | N/A |
The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web forms, aka Bug ID CSCtq65681. | |||||
CVE-2013-0008 | 1 Microsoft | 6 Windows 7, Windows 8, Windows Rt and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability." | |||||
CVE-2013-1063 | 2 Canonical, Evan Dandrea | 2 Ubuntu Linux, Usb-creator | 2025-04-11 | 4.6 MEDIUM | N/A |
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | |||||
CVE-2011-1224 | 1 Ibm | 1 Websphere Mq | 2025-04-11 | 4.3 MEDIUM | N/A |
IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not use the CRL Distribution Points (CDP) certificate extension, which might allow man-in-the-middle attackers to spoof an SSL partner via a revoked certificate for a (1) client, (2) queue manager, or (3) application. | |||||
CVE-2011-1549 | 1 Gentoo | 2 Linux, Logrotate | 2025-04-11 | 6.3 MEDIUM | N/A |
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. | |||||
CVE-2012-4542 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.6 MEDIUM | N/A |
block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes. | |||||
CVE-2012-5603 | 1 Redhat | 1 Cloudforms | 2025-04-11 | 5.5 MEDIUM | N/A |
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system. | |||||
CVE-2013-1111 | 1 Cisco | 2 Ata 187 Analog Telephone Adaptor, Ata 187 Analog Telephone Adaptor Firmware | 2025-04-11 | 9.0 HIGH | N/A |
The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038. |