Total
5252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4497 | 1 Openstack | 3 Folsom, Grizzly, Havana | 2025-04-11 | 6.4 MEDIUM | N/A |
| The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2013-1048 | 1 Debian | 1 Apache2 | 2025-04-11 | 4.6 MEDIUM | N/A |
| The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack. | |||||
| CVE-2013-4362 | 1 Werner Baumann | 1 Davfs2 | 2025-04-11 | 7.2 HIGH | N/A |
| WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function. | |||||
| CVE-2013-3686 | 1 Ovislink | 1 Airlive Wl2600cam | 2025-04-11 | 10.0 HIGH | N/A |
| cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action. | |||||
| CVE-2010-3277 | 1 Vmware | 2 Player, Workstation | 2025-04-11 | 2.1 LOW | N/A |
| The installer in VMware Workstation 7.x before 7.1.2 build 301548 and VMware Player 3.x before 3.1.2 build 301548 renders an index.htm file if present in the installation directory, which might allow local users to trigger unintended interpretation of web script or HTML by creating this file. | |||||
| CVE-2012-4408 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
| course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation. | |||||
| CVE-2003-1596 | 1 Novell | 2 Netware, Netware Ftp Server | 2025-04-11 | 7.5 HIGH | N/A |
| NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session. | |||||
| CVE-2013-1696 | 1 Mozilla | 1 Firefox | 2025-04-11 | 4.0 MEDIUM | N/A |
| Mozilla Firefox before 22.0 does not properly enforce the X-Frame-Options protection mechanism, which allows remote attackers to conduct clickjacking attacks via a crafted web site that uses the HTTP server push feature with multipart responses. | |||||
| CVE-2010-0007 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 2.1 LOW | N/A |
| net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access restrictions and configure arbitrary network-traffic filtering via a modified ebtables application. | |||||
| CVE-2013-2874 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-04-11 | 4.3 MEDIUM | N/A |
| Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures. | |||||
| CVE-2011-1375 | 1 Ibm | 1 Aix | 2025-04-11 | 4.9 MEDIUM | N/A |
| IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and wpar_limits_modify system calls, which allows local users to cause a denial of service (system crash) via a crafted call. | |||||
| CVE-2013-2876 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| browser/extensions/api/tabs/tabs_api.cc in Google Chrome before 28.0.1500.71 does not properly enforce restrictions on the capture of screenshots by extensions, which allows remote attackers to obtain sensitive information about the content of a previous page via vectors involving an interstitial page. | |||||
| CVE-2010-4512 | 1 Michael Dehaan | 1 Cobbler | 2025-04-11 | 7.2 HIGH | N/A |
| Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories. | |||||
| CVE-2011-4289 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page. | |||||
| CVE-2010-0674 | 1 2enetworx | 1 Statcountex | 2025-04-11 | 5.0 MEDIUM | N/A |
| StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb. | |||||
| CVE-2012-5574 | 1 Sensiolabs | 1 Symfony | 2025-04-11 | 5.0 MEDIUM | N/A |
| lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote attackers to read arbitrary files via a crafted upload request. | |||||
| CVE-2011-3377 | 3 Canonical, Opensuse, Redhat | 3 Ubuntu Linux, Opensuse, Icedtea-web | 2025-04-11 | 4.3 MEDIUM | N/A |
| The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy (SOP) and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a different sub-domain than the targeted domain. | |||||
| CVE-2011-2169 | 1 Google | 1 Chrome Os | 2025-04-11 | 7.2 HIGH | N/A |
| Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it. | |||||
| CVE-2013-1050 | 1 Gnome | 1 Gnome Screensaver | 2025-04-11 | 7.2 HIGH | N/A |
| The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. | |||||
| CVE-2013-1287 | 1 Microsoft | 7 Windows 7, Windows 8, Windows Server 2003 and 4 more | 2025-04-11 | 7.2 HIGH | N/A |
| The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286. | |||||