Total
5252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-3706 | 1 Dovecot | 1 Dovecot | 2025-04-11 | 5.5 MEDIUM | N/A |
| plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox. | |||||
| CVE-2011-2330 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-11 | 9.0 HIGH | N/A |
| Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220. | |||||
| CVE-2012-2702 | 2 Drupal, Tony Freixas | 2 Drupal, Ubercart Product Keys | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid. | |||||
| CVE-2012-3383 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 2.6 LOW | N/A |
| The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text. | |||||
| CVE-2010-2296 | 1 Google | 1 Chrome | 2025-04-11 | 9.3 HIGH | N/A |
| The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors. | |||||
| CVE-2013-0510 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 4.3 MEDIUM | N/A |
| IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test account by capturing these cookies. | |||||
| CVE-2013-5606 | 1 Mozilla | 1 Network Security Services | 2025-04-11 | 5.8 MEDIUM | N/A |
| The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. | |||||
| CVE-2013-4259 | 1 Redhat | 1 Ansible | 2025-04-11 | 1.9 LOW | N/A |
| runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/. | |||||
| CVE-2013-5165 | 1 Apple | 1 Mac Os X | 2025-04-11 | 6.4 MEDIUM | N/A |
| socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | |||||
| CVE-2011-4925 | 2 Cluster Resources, Clusterresources | 2 Torque Resource Manager, Torque Resource Manager | 2025-04-11 | 4.9 MEDIUM | N/A |
| Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors. | |||||
| CVE-2012-1447 | 4 Aladdin, Drweb, Fortinet and 1 more | 4 Esafe, Dr.web Antivirus, Fortinet Antivirus and 1 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, Dr.Web 5.0.2.03300, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified e_version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | |||||
| CVE-2013-2796 | 1 Schneider-electric | 3 Citectscada, Powerlogic Scada, Vijeo Citect | 2025-04-11 | 6.9 MEDIUM | N/A |
| Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-5691 | 1 Freebsd | 1 Freebsd | 2025-04-11 | 6.9 MEDIUM | N/A |
| The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows local users to perform link-layer actions, cause a denial of service (panic), or possibly gain privileges via a crafted application. | |||||
| CVE-2013-0529 | 1 Ibm | 1 Sterling Connect Direct User Interface | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 through 1.5.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2013-5455 | 1 Ibm | 1 Smartcloud Provisioning | 2025-04-11 | 4.9 MEDIUM | N/A |
| IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command. | |||||
| CVE-2010-1141 | 2 Microsoft, Vmware | 8 Windows, Ace, Esx and 5 more | 2025-04-11 | 8.5 HIGH | N/A |
| VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly access libraries, which allows user-assisted remote attackers to execute arbitrary code by tricking a Windows guest OS user into clicking on a file that is stored on a network share. | |||||
| CVE-2011-2745 | 1 Chyrp | 1 Chyrp | 2025-04-11 | 6.5 MEDIUM | N/A |
| upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users to upload a .php file, and consequently execute arbitrary PHP code, via a write_post action to the default URI under admin/. | |||||
| CVE-2013-0924 | 1 Google | 1 Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors. | |||||
| CVE-2012-1455 | 2 Eset, Rising-global | 2 Nod32 Antivirus, Rising Antivirus | 2025-04-11 | 4.3 MEDIUM | N/A |
| The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a CAB file with a modified vMinor version field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | |||||
| CVE-2012-5168 | 1 Atutor | 1 Acontent | 2025-04-11 | 7.5 HIGH | N/A |
| ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_inline_editor_submit.php. | |||||