Total
5247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6102 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.4 MEDIUM | N/A |
| lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI. | |||||
| CVE-2012-2188 | 1 Ibm | 2 Power Hardware Management Console Firmware, Systems Director Management Console Firmware | 2025-04-11 | 7.2 HIGH | N/A |
| IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character. | |||||
| CVE-2013-2301 | 1 Omron | 1 Openwnn | 2025-04-11 | 4.3 MEDIUM | N/A |
| The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||||
| CVE-2014-1960 | 1 Sap | 2 Netweaver, Netweaver Solution Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-4872 | 1 Google | 1 Glass | 2025-04-11 | 6.9 MEDIUM | N/A |
| Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack. | |||||
| CVE-2010-4534 | 1 Djangoproject | 1 Django | 2025-04-11 | 4.0 MEDIUM | N/A |
| The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series of requests containing regular expressions, as demonstrated by a created_by__password__regex parameter. | |||||
| CVE-2012-1644 | 2 Drupal, Gizra | 2 Drupal, Og Vocab | 2025-04-11 | 2.1 LOW | N/A |
| The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors. | |||||
| CVE-2012-1860 | 1 Microsoft | 2 Office Web Apps, Sharepoint Server | 2025-04-11 | 5.5 MEDIUM | N/A |
| Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability." | |||||
| CVE-2012-5385 | 1 Webcalendar Project | 1 Webcalendar | 2025-04-11 | 7.5 HIGH | N/A |
| install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows remote attackers to modify settings.php and possibly execute arbitrary code via vectors related to the user theme preference. | |||||
| CVE-2012-3417 | 1 Jan Kara | 1 Linux Diskquota | 2025-04-11 | 4.0 MEDIUM | N/A |
| The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny. | |||||
| CVE-2011-1738 | 1 Hp | 1 Palm Webos | 2025-04-11 | 7.2 HIGH | N/A |
| HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access. | |||||
| CVE-2010-2554 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-11 | 6.8 MEDIUM | 7.8 HIGH |
| The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability." | |||||
| CVE-2010-3856 | 1 Gnu | 1 Glibc | 2025-04-11 | 7.2 HIGH | N/A |
| ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so. | |||||
| CVE-2013-1066 | 2 Canonical, Ubuntu Developers | 2 Ubuntu Linux, Language-selector | 2025-04-11 | 4.6 MEDIUM | N/A |
| language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | |||||
| CVE-2011-2999 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2025-04-11 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170. | |||||
| CVE-2013-4707 | 1 Dlink | 2 Des-3810, Des-3810 Firmware | 2025-04-11 | 6.3 MEDIUM | N/A |
| The SSH implementation on D-Link Japan DES-3810 devices with firmware before R2.20.011 allows remote authenticated users to cause a denial of service (device hang) by leveraging login access. | |||||
| CVE-2009-3556 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-11 | 1.9 LOW | N/A |
| A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files. | |||||
| CVE-2013-1052 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | 7.2 HIGH | N/A |
| pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo. | |||||
| CVE-2011-3213 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | 7.6 HIGH | N/A |
| The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. | |||||
| CVE-2012-4113 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 4.6 MEDIUM | N/A |
| The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interface, aka Bug ID CSCtr43374. | |||||