Total
5252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0963 | 1 Cisco | 2 Nac Guest Server, Nac Guest Server Software | 2025-04-11 | 5.0 MEDIUM | N/A |
| The default configuration of the RADIUS authentication feature on the Cisco Network Admission Control (NAC) Guest Server with software before 2.0.3 allows remote attackers to bypass intended access restrictions and obtain network connectivity via unspecified vectors, aka Bug ID CSCtj66922. | |||||
| CVE-2010-4485 | 1 Google | 1 Chrome | 2025-04-11 | 4.3 MEDIUM | N/A |
| Google Chrome before 8.0.552.215 does not properly restrict the generation of file dialogs, which allows remote attackers to cause a denial of service (reduced usability and possible application crash) via a crafted web site. | |||||
| CVE-2009-5064 | 1 Gnu | 1 Glibc | 2025-04-11 | 6.9 MEDIUM | N/A |
| ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc. | |||||
| CVE-2010-5094 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 5.0 MEDIUM | N/A |
| The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing." | |||||
| CVE-2012-6119 | 2 Candlepinproject, Redhat | 2 Candlepin, Subscription Asset Manager | 2025-04-11 | 2.1 LOW | N/A |
| Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests. | |||||
| CVE-2011-2740 | 2 Emc, Mozilla | 2 Rsa Key Manager Appliance, Firefox | 2025-04-11 | 9.3 HIGH | N/A |
| EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation. | |||||
| CVE-2013-3037 | 1 Ibm | 1 Rational Requirements Composer | 2025-04-11 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors. | |||||
| CVE-2012-1121 | 1 Mantisbt | 1 Mantisbt | 2025-04-11 | 4.9 MEDIUM | N/A |
| MantisBT before 1.2.9 does not properly check permissions, which allows remote authenticated users with manager privileges to (1) modify or (2) delete global categories. | |||||
| CVE-2010-4021 | 1 Mit | 1 Kerberos 5 | 2025-04-11 | 2.1 LOW | N/A |
| The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue." | |||||
| CVE-2012-0304 | 1 Symantec | 1 Liveupdate Administrator | 2025-04-11 | 6.9 MEDIUM | N/A |
| Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions (Everyone: Full Control) for the installation directory, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2011-4589 | 1 Moodle | 1 Moodle | 2025-04-11 | 5.5 MEDIUM | N/A |
| backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action. | |||||
| CVE-2012-2440 | 1 Tp-link | 1 8840t | 2025-04-11 | 7.5 HIGH | N/A |
| The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-1649 | 2 Danielb, Drupal | 2 Cool Aid, Drupal | 2025-04-11 | 4.9 MEDIUM | N/A |
| Cool Aid module before 6.x-1.9 for Drupal does not enforce access restrictions, which allows remote authenticated users with the administer coolaid permission to modify arbitrary pages via unspecified vectors. | |||||
| CVE-2011-1321 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | 6.5 MEDIUM | N/A |
| The AuthCache purge implementation in the Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group membership specified in an old RACF Object (aka RACO). | |||||
| CVE-2013-1687 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2025-04-11 | 9.3 HIGH | N/A |
| The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) implementations in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly restrict XBL user-defined functions, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges, or conduct cross-site scripting (XSS) attacks, via a crafted web site. | |||||
| CVE-2014-0649 | 1 Cisco | 1 Secure Access Control System | 2025-04-11 | 9.0 HIGH | N/A |
| The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180. | |||||
| CVE-2011-0006 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 1.9 LOW | N/A |
| The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM. | |||||
| CVE-2013-7315 | 2 Springsource, Vmware | 2 Spring Framework, Spring Framework | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML with JAXB, aka an XML External Entity (XXE) issue, and a different vulnerability than CVE-2013-4152. NOTE: this issue was SPLIT from CVE-2013-4152 due to different affected versions. | |||||
| CVE-2012-4908 | 1 Google | 2 Android, Chrome | 2025-04-11 | 7.5 HIGH | N/A |
| Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | |||||
| CVE-2010-0650 | 3 Apple, Canonical, Google | 3 Safari, Ubuntu Linux, Chrome | 2025-04-11 | 2.6 LOW | N/A |
| WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. | |||||