Total
5247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2439 | 1 Netgear | 1 Prosafe Fvs318n | 2025-04-11 | 7.5 HIGH | N/A |
| The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-6359 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes. | |||||
| CVE-2014-1903 | 2 Freepbx, Sangoma | 2 Freepbx, Freepbx | 2025-04-11 | 7.5 HIGH | N/A |
| admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php. | |||||
| CVE-2012-0028 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 7.2 HIGH | N/A |
| The robust futex implementation in the Linux kernel before 2.6.28 does not properly handle processes that make exec system calls, which allows local users to cause a denial of service or possibly gain privileges by writing to a memory location in a child process. | |||||
| CVE-2008-7279 | 1 Otrs | 1 Otrs | 2025-04-11 | 6.5 MEDIUM | N/A |
| The CustomerInterface component in Open Ticket Request System (OTRS) before 2.2.8 allows remote authenticated users to bypass intended access restrictions and access tickets of arbitrary customers via unspecified vectors. | |||||
| CVE-2012-3991 | 4 Canonical, Mozilla, Redhat and 1 more | 12 Ubuntu Linux, Firefox, Seamonkey and 9 more | 2025-04-11 | 9.3 HIGH | N/A |
| Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly restrict JSAPI access to the GetProperty function, which allows remote attackers to bypass the Same Origin Policy and possibly have unspecified other impact via a crafted web site. | |||||
| CVE-2010-2968 | 1 Windriver | 1 Vxworks | 2025-04-11 | 7.8 HIGH | N/A |
| The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2012-2389 | 1 W1.fi | 1 Hostapd | 2025-04-11 | 2.1 LOW | N/A |
| hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials. | |||||
| CVE-2012-0366 | 1 Cisco | 1 Unity Connection | 2025-04-11 | 9.0 HIGH | N/A |
| Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. | |||||
| CVE-2011-5058 | 1 3ssoftware | 1 Codesys | 2025-04-11 | 6.4 MEDIUM | N/A |
| The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory using \ (backslash) characters in an HTTP GET request. | |||||
| CVE-2013-4452 | 1 Redhat | 1 Jboss Operations Network | 2025-04-11 | 2.1 LOW | N/A |
| Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files. | |||||
| CVE-2013-2144 | 1 Redhat | 1 Enterprise Virtualization Manager | 2025-04-11 | 5.0 MEDIUM | N/A |
| Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot. | |||||
| CVE-2013-6409 | 1 Debian | 1 Adequate | 2025-04-11 | 6.2 MEDIUM | N/A |
| Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl. | |||||
| CVE-2012-0184 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability." | |||||
| CVE-2012-0185 | 1 Microsoft | 3 Excel, Excel Viewer, Office Compatibility Pack | 2025-04-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability." | |||||
| CVE-2012-1429 | 8 Aladdin, Comodo, Emsisoft and 5 more | 9 Esafe, Comodo Antivirus, Anti-malware and 6 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, and nProtect Anti-Virus 2011-01-17.01 allows remote attackers to bypass malware detection via an ELF file with a ustar character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
| CVE-2012-4906 | 1 Google | 2 Android, Chrome | 2025-04-11 | 5.0 MEDIUM | N/A |
| Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. | |||||
| CVE-2008-7282 | 1 Otrs | 1 Otrs | 2025-04-11 | 4.6 MEDIUM | N/A |
| Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open Ticket Request System (OTRS) before 2.2.6, when the CustomerPanelOwnSelection and CustomerGroupSupport options are enabled, allows remote authenticated users to bypass intended access restrictions, and perform certain (1) list and (2) write operations on queues, via unspecified vectors. | |||||
| CVE-2013-3154 | 1 Microsoft | 3 Windows 7, Windows Defender, Windows Server 2008 | 2025-04-11 | 6.9 MEDIUM | N/A |
| The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability." | |||||
| CVE-2013-2219 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Directory Server | 2025-04-11 | 4.0 MEDIUM | N/A |
| The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server do not properly restrict access to entity attributes, which allows remote authenticated users to obtain sensitive information via a search query for the attribute. | |||||