Total
5457 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-6798 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2025-04-11 | 5.8 MEDIUM | N/A |
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694. | |||||
CVE-2009-2901 | 1 Apache | 1 Tomcat | 2025-04-11 | 4.3 MEDIUM | N/A |
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests. | |||||
CVE-2013-4505 | 1 Apache | 2 Mod Dontdothat, Subversion | 2025-04-11 | 2.6 LOW | N/A |
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. | |||||
CVE-2013-0932 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2025-04-11 | 4.0 MEDIUM | N/A |
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors. | |||||
CVE-2011-0316 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 5.0 MEDIUM | N/A |
The Administrative Console component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.15 does not properly restrict access to console servlets, which allows remote attackers to obtain potentially sensitive status information via a direct request. | |||||
CVE-2011-3140 | 1 Ibm | 3 G400 Ips-g400-ib-1 Appliance, Gx4004 Ips-gx4004-ib-2 Appliance, Web Application Firewall | 2025-04-11 | 5.0 MEDIUM | N/A |
IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a dangerous parameter value into substrings, as demonstrated by a SQL statement that is split across multiple iid parameters and then sent to a .aspx file on an IIS web server. | |||||
CVE-2012-2389 | 1 W1.fi | 1 Hostapd | 2025-04-11 | 2.1 LOW | N/A |
hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials. | |||||
CVE-2012-3397 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users. | |||||
CVE-2012-4582 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2025-04-11 | 4.9 MEDIUM | N/A |
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. | |||||
CVE-2012-2455 | 1 Advance Productivity Software | 1 Dte Axiom | 2025-04-11 | 6.4 MEDIUM | N/A |
Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, and projects via unspecified vectors. | |||||
CVE-2013-4025 | 1 Ibm | 4 Data Studio Web Console, Db2 Recovery Expert, Infosphere Optim Configuration Manager and 1 more | 2025-04-11 | 1.9 LOW | N/A |
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | |||||
CVE-2010-3092 | 1 Drupal | 1 Drupal | 2025-04-11 | 5.5 MEDIUM | N/A |
The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does not properly support case-insensitive filename handling in a database configuration, which allows remote authenticated users to bypass the intended restrictions on downloading a file by uploading a different file with a similar name. | |||||
CVE-2013-0208 | 2 Canonical, Openstack | 3 Ubuntu Linux, Essex, Folsom | 2025-04-11 | 6.5 MEDIUM | N/A |
The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter. | |||||
CVE-2009-4998 | 1 Ibm | 1 Filenet P8 Application Engine | 2025-04-11 | 2.6 LOW | N/A |
The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-019 and 4.0.2.x before 4.0.2.7-P8AE-FP007, in certain FileTracker configurations, does not apply a security policy to the first document added during a session, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2012-5901 | 1 Dflabs | 1 Ptk | 2025-04-11 | 5.0 MEDIUM | N/A |
DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory. | |||||
CVE-2011-2768 | 1 Tor | 1 Tor | 2025-04-11 | 5.8 MEDIUM | N/A |
Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. | |||||
CVE-2011-1496 | 1 Nicholas Marriott | 1 Tmux | 2025-04-11 | 4.6 MEDIUM | N/A |
tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option. | |||||
CVE-2009-4799 | 1 Diskos | 1 Diskos Cms | 2025-04-11 | 5.0 MEDIUM | N/A |
Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb. | |||||
CVE-2012-1968 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 4.3 MEDIUM | N/A |
Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote attackers to obtain sensitive description information by reading the tooltip portions of an HTML e-mail message. | |||||
CVE-2012-5665 | 1 Owncloud | 1 Owncloud Server | 2025-04-11 | 4.3 MEDIUM | N/A |
ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly restrict access to settings.php, which allows remote attackers to edit app configurations of user_webdavauth and user_ldap by editing this file. |