Total
5252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1810 | 1 C3-ilex | 1 Eoscada | 2025-04-11 | 5.0 MEDIUM | N/A |
| EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service (daemon restart) by sending data to TCP port (1) 5050 or (2) 24004. | |||||
| CVE-2014-2019 | 1 Apple | 1 Iphone Os | 2025-04-11 | 4.9 MEDIUM | 4.6 MEDIUM |
| The iCloud subsystem in Apple iOS before 7.1 allows physically proximate attackers to bypass an intended password requirement, and turn off the Find My iPhone service or complete a Delete Account action and then associate this service with a different Apple ID account, by entering an arbitrary iCloud Account Password value and a blank iCloud Account Description value. | |||||
| CVE-2012-1423 | 11 Authentium, Emsisoft, Eset and 8 more | 11 Command Antivirus, Anti-malware, Nod32 Antivirus and 8 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, K7 AntiVirus 9.77.3565, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2013-5556 | 1 Cisco | 1 Nexus 1000v | 2025-04-11 | 6.8 MEDIUM | N/A |
| The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340. | |||||
| CVE-2013-0261 | 1 Openstack | 2 Essex, Folsom | 2025-04-11 | 4.4 MEDIUM | N/A |
| (1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. | |||||
| CVE-2013-3407 | 1 Cisco | 1 Server Provisioner | 2025-04-11 | 5.0 MEDIUM | N/A |
| The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664. | |||||
| CVE-2013-6128 | 1 Wellintech | 1 Kingview | 2025-04-11 | 5.8 MEDIUM | N/A |
| The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack. | |||||
| CVE-2013-1922 | 1 Xen | 1 Xen | 2025-04-11 | 3.3 LOW | N/A |
| qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004. | |||||
| CVE-2012-5638 | 1 Ovirt | 1 Sanlock | 2025-04-11 | 3.6 LOW | N/A |
| The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations. | |||||
| CVE-2012-4417 | 1 Gluster | 1 Glusterfs | 2025-04-11 | 3.6 LOW | N/A |
| GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||||
| CVE-2010-4624 | 1 Mybb | 1 Mybb | 2025-04-11 | 3.5 LOW | N/A |
| MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated users to bypass intended restrictions on the number of [img] MyCodes by editing a post after it has been created. | |||||
| CVE-2012-5966 | 1 Dlink | 1 Dsl-2730u | 2025-04-11 | 4.0 MEDIUM | N/A |
| The restricted telnet shell on the D-Link DSL2730U router allows remote authenticated users to bypass intended command restrictions via shell metacharacters that follow a whitelisted command. | |||||
| CVE-2012-1969 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 4.3 MEDIUM | N/A |
| The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. | |||||
| CVE-2013-2123 | 2 Drupal, Node Access User Reference Project | 2 Drupal, Nodeaccess Userreference Module | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author update/delete grants are enabled and the author's user account is deleted, which allows remote attackers to modify the content via unspecified vectors. | |||||
| CVE-2012-2138 | 1 Apache | 2 Org.apache.sling.servlets.post, Sling | 2025-04-11 | 5.0 MEDIUM | N/A |
| The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP request. | |||||
| CVE-2010-2224 | 1 Redhat | 1 Enterprise Virtualization Manager | 2025-04-11 | 2.1 LOW | N/A |
| The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. | |||||
| CVE-2012-2282 | 1 Emc | 3 Celerra Network Server, Vnx, Vnxe | 2025-04-11 | 6.5 MEDIUM | N/A |
| EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request. | |||||
| CVE-2008-7277 | 1 Otrs | 1 Otrs | 2025-04-11 | 6.5 MEDIUM | N/A |
| Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw permission, instead of the configured merge permission, during authorization of merge operations, which might allow remote authenticated users to bypass intended access restrictions by merging two tickets. | |||||
| CVE-2012-4845 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | 6.8 MEDIUM | N/A |
| The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. | |||||
| CVE-2011-5010 | 1 Ctekproducts | 1 Skyrouter | 2025-04-11 | 10.0 HIGH | N/A |
| apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action. | |||||