Total
5247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0729 | 1 Ubuntu | 1 Language-selector | 2025-04-11 | 7.2 HIGH | N/A |
| dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call. | |||||
| CVE-2012-1452 | 3 Cat, Emsisoft, Ikarus | 3 Quick Heal, Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner | 2025-04-11 | 4.3 MEDIUM | N/A |
| The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a CAB file with a modified reserved1 field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2012-5302 | 1 Tibco | 1 Formvine | 2025-04-11 | 7.5 HIGH | N/A |
| The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2013-3666 | 2 Google, Lg | 2 Android, Optimus G E973 | 2025-04-11 | 7.2 HIGH | N/A |
| The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button. | |||||
| CVE-2013-5973 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | 4.4 MEDIUM | N/A |
| VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename. | |||||
| CVE-2013-5153 | 1 Apple | 1 Iphone Os | 2025-04-11 | 2.1 LOW | N/A |
| Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | |||||
| CVE-2008-7283 | 1 Otrs | 1 Otrs | 2025-04-11 | 6.0 MEDIUM | N/A |
| Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions. | |||||
| CVE-2011-1386 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.1, and 2.0, which allows remote attackers to bypass intended authentication or authorization requirements via a non-conforming SAML signature. | |||||
| CVE-2010-0728 | 1 Samba | 1 Samba | 2025-04-11 | 8.5 HIGH | N/A |
| smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client. | |||||
| CVE-2008-7251 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 10.0 HIGH | N/A |
| libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors. | |||||
| CVE-2011-2674 | 1 Basercms | 1 Basercms | 2025-04-11 | 4.9 MEDIUM | N/A |
| BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2011-0167 | 1 Apple | 2 Safari, Webkit | 2025-04-11 | 4.3 MEDIUM | N/A |
| The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site. | |||||
| CVE-2011-5270 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 4.0 MEDIUM | N/A |
| wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. | |||||
| CVE-2010-4238 | 3 Citrix, Linux, Redhat | 3 Xen, Linux Kernel, Enterprise Linux | 2025-04-11 | 5.5 MEDIUM | N/A |
| The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 is used, allows guest OS users to cause a denial of service (host OS panic) via an attempted access to a virtual CD-ROM device through the blkback driver. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4702 | 2 Android, Nimbuzz | 2 Android, Nimbuzz | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. | |||||
| CVE-2012-3453 | 1 Debian | 1 Logol | 2025-04-11 | 3.6 LOW | N/A |
| logol 1.5.0 uses world writable permissions for the /var/lib/logol/results directory, which allows local users to delete or overwrite arbitrary files. | |||||
| CVE-2010-2239 | 1 Libvirt | 1 Libvirt | 2025-04-11 | 4.4 MEDIUM | N/A |
| Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors. | |||||
| CVE-2013-2581 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2025-04-11 | 7.8 HIGH | N/A |
| cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action. | |||||
| CVE-2010-2466 | 3 Linearcorp, S2sys, Sonitrol | 4 Emerge 50, Emerge 5000, Netbox and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
| The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames. | |||||
| CVE-2013-4661 | 1 Civicrm | 1 Civicrm | 2025-04-11 | 4.9 MEDIUM | N/A |
| CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intended access restrictions, as demonstrated by accessing custom contribution data without having the "access CiviContribute" permission. | |||||