Total
5252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3463 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2025-04-11 | 4.3 MEDIUM | N/A |
| The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899. | |||||
| CVE-2009-5019 | 1 Webwiz | 1 Web Wiz Newspad | 2025-04-11 | 5.0 MEDIUM | N/A |
| Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb. | |||||
| CVE-2013-0718 | 1 Simeji | 1 Simeji | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||||
| CVE-2012-2696 | 1 Redhat | 1 Enterprise Virtualization Manager | 2025-04-11 | 2.7 LOW | N/A |
| The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request. | |||||
| CVE-2011-1582 | 1 Apache | 1 Tomcat | 2025-04-11 | 4.3 MEDIUM | N/A |
| Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a servlet without following security constraints that have been configured through annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088, CVE-2011-1183, and CVE-2011-1419. | |||||
| CVE-2013-5424 | 1 Ibm | 1 Flex System Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
| IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account. | |||||
| CVE-2012-5298 | 1 Mavili Guestbook Project | 1 Mavili Guestbook | 2025-04-11 | 5.0 MEDIUM | N/A |
| Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request. | |||||
| CVE-2012-1828 | 1 Efstechnology | 1 Autoform Pdm Archive | 2025-04-11 | 6.5 MEDIUM | N/A |
| The administrative functions in AutoFORM PDM Archive before 7.1 do not have authorization requirements, which allows remote authenticated users to perform administrative actions by leveraging knowledge of a hidden function, as demonstrated by the password-change function. | |||||
| CVE-2012-4141 | 1 Cisco | 1 Nx-os | 2025-04-11 | 6.2 MEDIUM | N/A |
| Directory traversal vulnerability in the CLI parser in Cisco NX-OS allows local users to create arbitrary script files via a relative pathname in the "file name" parameter, aka Bug IDs CSCua71557 and CSCua71551. | |||||
| CVE-2012-2354 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. | |||||
| CVE-2012-1826 | 1 Dotcms | 1 Dotcms | 2025-04-11 | 6.0 MEDIUM | N/A |
| dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted (1) XSLT or (2) Velocity template. | |||||
| CVE-2011-1836 | 1 Ecryptfs | 2 Ecryptfs-utils, Ecryptfs Utils | 2025-04-11 | 4.6 MEDIUM | N/A |
| utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process. | |||||
| CVE-2013-2239 | 1 Openvz | 1 Vzkernel | 2025-04-11 | 4.7 MEDIUM | N/A |
| vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via (1) a crafted ploop driver ioctl call, related to the ploop_getdevice_ioc function in drivers/block/ploop/dev.c, or (2) a crafted quotactl system call, related to the compat_quotactl function in fs/quota/quota.c. | |||||
| CVE-2013-4310 | 1 Apache | 1 Struts | 2025-04-11 | 5.8 MEDIUM | N/A |
| Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix. | |||||
| CVE-2010-1447 | 1 Postgresql | 1 Postgresql | 2025-04-11 | 8.5 HIGH | N/A |
| The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution. | |||||
| CVE-2013-1027 | 1 Apple | 1 Mac Os X | 2025-04-11 | 6.8 MEDIUM | N/A |
| Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. | |||||
| CVE-2010-3223 | 1 Microsoft | 1 Windows Server 2008 | 2025-04-11 | 7.5 HIGH | N/A |
| The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability." | |||||
| CVE-2010-4145 | 1 Aspindir | 1 Kisisel Radyo Script | 2025-04-11 | 5.0 MEDIUM | N/A |
| Kisisel Radyo Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for sevvo/eco23.mdb. | |||||
| CVE-2013-0265 | 1 Bitbucket | 1 Xnbd | 2025-04-11 | 2.1 LOW | N/A |
| The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log. | |||||
| CVE-2010-3055 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-11 | 7.5 HIGH | N/A |
| The configuration setup script (aka scripts/setup.php) in phpMyAdmin 2.11.x before 2.11.10.1 does not properly restrict key names in its output file, which allows remote attackers to execute arbitrary PHP code via a crafted POST request. | |||||