Total: 5247 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4773 | 2 Android, Anguanjia | 2 Android, Anguanjia | 2025-04-11 | 5.8 MEDIUM | N/A |
The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. | |||||
CVE-2013-0219 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2025-04-11 | 3.7 LOW | N/A |
System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a symlink attack on another user's files. | |||||
CVE-2013-5572 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 3.5 LOW | N/A |
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code. | |||||
CVE-2010-3065 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker, which allows context-dependent attackers to modify arbitrary session variables via a crafted session variable name. | |||||
CVE-2012-4077 | 1 Cisco | 1 Nx-os | 2025-04-11 | 6.8 MEDIUM | N/A |
Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651. | |||||
CVE-2013-0798 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-11 | 4.3 MEDIUM | N/A |
Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used. | |||||
CVE-2012-1986 | 2 Puppet, Puppetlabs | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2025-04-11 | 2.1 LOW | N/A |
Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack in conjunction with a crafted REST request for a file in a filebucket. | |||||
CVE-2013-2200 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.0 MEDIUM | N/A |
WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors. | |||||
CVE-2010-1204 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 5.0 MEDIUM | N/A |
Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." | |||||
CVE-2013-3061 | 1 Sap | 2 Erp Central Component, Healthcare Industry Solution | 2025-04-11 | 6.5 MEDIUM | N/A |
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. | |||||
CVE-2013-0248 | 1 Apache | 1 Commons Fileupload | 2025-04-11 | 3.3 LOW | N/A |
The default configuration of javax.servlet.context.tempdir in Apache Commons FileUpload 1.0 through 1.2.2 uses the /tmp directory for uploaded files, which allows local users to overwrite arbitrary files via an unspecified symlink attack. | |||||
CVE-2010-1172 | 1 Freedesktop | 1 Dbus-glib | 2025-04-11 | 3.6 LOW | N/A |
DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services. | |||||
CVE-2012-4954 | 1 Vanillaforums | 2 Vanilla, Vanilla Forums | 2025-04-11 | 3.5 LOW | N/A |
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related to a "parameter manipulation" issue. | |||||
CVE-2010-2347 | 1 Sap | 2 J2ee Engine Core, Server Core | 2025-04-11 | 4.9 MEDIUM | N/A |
The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. | |||||
CVE-2010-4723 | 1 Smarty | 1 Smarty | 2025-04-11 | 9.3 HIGH | N/A |
Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors. | |||||
CVE-2013-2077 | 1 Xen | 1 Xen | 2025-04-11 | 5.2 MEDIUM | N/A |
Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors. | |||||
CVE-2012-1427 | 3 Cat, Norman, Sophos | 3 Quick Heal, Norman Antivirus & Antispyware, Sophos Anti-virus | 2025-04-11 | 4.3 MEDIUM | N/A |
The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \57\69\6E\5A\69\70 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
CVE-2013-0337 | 1 F5 | 1 Nginx | 2025-04-11 | 7.5 HIGH | N/A |
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files. | |||||
CVE-2011-4296 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role. | |||||
CVE-2011-2600 | 1 Microsoft | 1 Windows Xp | 2025-04-11 | 7.1 HIGH | N/A |
The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK. |