Total
5247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4650 | 1 Mongodb | 1 Mongodb | 2025-04-11 | 6.5 MEDIUM | N/A |
| MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database. | |||||
| CVE-2012-0205 | 1 Ibm | 2 Infosphere Information Server, Infosphere Metadata Workbench | 2025-04-11 | 6.5 MEDIUM | N/A |
| InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 does not properly restrict use of the troubleshooting feature, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (workbench outage) via unspecified vectors. | |||||
| CVE-2013-3264 | 1 Smackcoders | 1 Wp Ultimate Email Marketer Plugin | 2025-04-11 | 6.4 MEDIUM | N/A |
| The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign data. | |||||
| CVE-2013-0346 | 1 Apache | 1 Tomcat | 2025-04-11 | 2.1 LOW | N/A |
| Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information." | |||||
| CVE-2013-6230 | 1 Isc | 1 Bind | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ISC BIND 9.6-ESV before 9.6-ESV-R10-P1, 9.8 before 9.8.6-P1, 9.9 before 9.9.4-P1, 9.9.3-S1, 9.9.4-S1, and other products, does not properly support the SIO_GET_INTERFACE_LIST command for netmask 255.255.255.255, which allows remote attackers to bypass intended IP address restrictions by leveraging misinterpretation of this netmask as a 0.0.0.0 netmask. | |||||
| CVE-2013-0692 | 2 Emerson, Enea | 4 Dl 8000 Remote Terminal Unit, Roc 800 Remote Terminal Unit, Roc 800l Remote Terminal Unit and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service. | |||||
| CVE-2011-2368 | 1 Mozilla | 1 Firefox | 2025-04-11 | 10.0 HIGH | N/A |
| The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2012-6563 | 1 Elgg | 1 Elgg | 2025-04-11 | 4.3 MEDIUM | N/A |
| engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. | |||||
| CVE-2013-3315 | 1 Tibco | 1 Silver Mobile | 2025-04-11 | 6.5 MEDIUM | N/A |
| The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2010-1908 | 1 Consona | 3 Consona Dynamic Agent, Consona Live Assistance, Consona Subscriber Assistance | 2025-04-11 | 9.3 HIGH | N/A |
| The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile. | |||||
| CVE-2010-3615 | 1 Isc | 1 Bind | 2025-04-11 | 5.0 MEDIUM | N/A |
| named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism. | |||||
| CVE-2011-2203 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
| The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent record. | |||||
| CVE-2012-4500 | 2 Drupal, Nancy Wichmann | 2 Drupal, Announcements | 2025-04-11 | 3.5 LOW | N/A |
| The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact. | |||||
| CVE-2012-3973 | 1 Mozilla | 1 Firefox | 2025-04-11 | 7.6 HIGH | N/A |
| The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and connecting to that service through the HTTPMonitor port. | |||||
| CVE-2012-2707 | 2 Antoine Beaupre, Drupal | 2 Hostmaster, Drupal | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes. | |||||
| CVE-2011-5098 | 1 Opscode | 1 Chef | 2025-04-11 | 6.5 MEDIUM | N/A |
| chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the validation key and executing a knife client create command with the --admin option. | |||||
| CVE-2012-2356 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | |||||
| CVE-2012-4974 | 1 Laytontechnology | 1 Helpbox | 2025-04-11 | 6.5 MEDIUM | N/A |
| Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) loggedinuser, or (5) loggedinusername cookie. | |||||
| CVE-2012-0406 | 1 Emc | 1 Data Protection Advisor | 2025-04-11 | 7.8 HIGH | N/A |
| The DPA_Utilities.cProcessAuthenticationData function in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an AUTHENTICATECONNECTION command that (1) lacks a password field or (2) has an empty password. | |||||
| CVE-2010-0535 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 6.5 MEDIUM | N/A |
| Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||