Total
5252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0478 | 1 Mozilla | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| The texImage2D implementation in the WebGL subsystem in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 does not properly restrict JSVAL_TO_OBJECT casts, which might allow remote attackers to execute arbitrary code via a crafted web page. | |||||
| CVE-2010-3033 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-11 | 9.0 HIGH | N/A |
| Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2842 and CVE-2010-2843. | |||||
| CVE-2011-4578 | 1 Tedfelix | 1 Acpid2 | 2025-04-11 | 4.6 MEDIUM | N/A |
| event.c in acpid (aka acpid2) before 2.0.11 does not have an appropriate umask setting during execution of event-handler scripts, which might allow local users to (1) perform write operations within directories created by a script, or (2) read files created by a script, via standard filesystem system calls. | |||||
| CVE-2012-3690 | 1 Apple | 1 Safari | 2025-04-11 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to read arbitrary files via a crafted web site. | |||||
| CVE-2012-2313 | 3 Linux, Novell, Redhat | 8 Linux Kernel, Suse Linux Enterprise Server, Enterprise Linux and 5 more | 2025-04-11 | 1.2 LOW | N/A |
| The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel before 3.3.7 does not restrict access to the SIOCSMIIREG command, which allows local users to write data to an Ethernet adapter via an ioctl call. | |||||
| CVE-2010-0524 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 7.5 HIGH | N/A |
| The default configuration of the FreeRADIUS server in Apple Mac OS X Server before 10.6.3 permits EAP-TLS authenticated connections on the basis of an arbitrary client certificate, which allows remote attackers to obtain network connectivity via a crafted RADIUS Access Request message. | |||||
| CVE-2013-4326 | 2 Lennart Poettering, Redhat | 2 Rkit, Enterprise Linux | 2025-04-11 | 4.6 MEDIUM | N/A |
| RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | |||||
| CVE-2013-5521 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | 5.0 MEDIUM | N/A |
| Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of requests within one session, aka Bug ID CSCue94287. | |||||
| CVE-2014-1489 | 6 Canonical, Mozilla, Opensuse and 3 more | 8 Ubuntu Linux, Firefox, Opensuse and 5 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 27.0 does not properly restrict access to about:home buttons by script on other pages, which allows user-assisted remote attackers to cause a denial of service (session restore) via a crafted web site. | |||||
| CVE-2012-0866 | 1 Postgresql | 1 Postgresql | 2025-04-11 | 6.5 MEDIUM | N/A |
| CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table. | |||||
| CVE-2012-3365 | 1 Php | 1 Php | 2025-04-11 | 5.0 MEDIUM | N/A |
| The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | |||||
| CVE-2013-3596 | 1 Advanceprotech | 1 Advanceware | 2025-04-11 | 4.0 MEDIUM | N/A |
| AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter. | |||||
| CVE-2010-0023 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2025-04-11 | 6.9 MEDIUM | N/A |
| The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability." | |||||
| CVE-2010-0401 | 1 Openttd | 1 Openttd | 2025-04-11 | 6.5 MEDIUM | N/A |
| OpenTTD before 1.0.1 accepts a company password for authentication in response to a request for the server password, which allows remote authenticated users to bypass intended access restrictions or cause a denial of service (daemon crash) by sending a company password packet. | |||||
| CVE-2013-6404 | 1 Quassel-irc | 1 Quassel Irc | 2025-04-11 | 4.0 MEDIUM | N/A |
| Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via the bufferid in (1) 16/select_buffer_by_id.sql, (2) 16/select_buffer_by_id.sql, and (3) 16/select_buffer_by_id.sql in core/SQL/PostgreSQL/. | |||||
| CVE-2013-2242 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server. | |||||
| CVE-2011-0010 | 1 Todd Miller | 1 Sudo | 2025-04-11 | 4.4 MEDIUM | N/A |
| check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. | |||||
| CVE-2012-4442 | 1 Monkey-project | 1 Monkey | 2025-04-11 | 4.7 MEDIUM | N/A |
| Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check. | |||||
| CVE-2013-7067 | 2 Drupal, Mike Stefanello | 2 Drupal, Og Features | 2025-04-11 | 5.8 MEDIUM | N/A |
| The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request. | |||||
| CVE-2012-2101 | 1 Openstack | 1 Nova | 2025-04-11 | 3.5 LOW | N/A |
| Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the number of security group rules, which allows remote authenticated users with certain permissions to cause a denial of service (CPU and hard drive consumption) via a network request that triggers a large number of iptables rules. | |||||