Total
5250 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3478 | 1 Pizzashack | 1 Rssh | 2025-04-11 | 2.1 LOW | N/A |
| rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. | |||||
| CVE-2010-3895 | 1 Ibm | 1 Omnifind | 2025-04-11 | 7.2 HIGH | N/A |
| esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows local users to gain privileges by specifying an arbitrary command name as the first argument. | |||||
| CVE-2014-0295 | 1 Microsoft | 1 .net Framework | 2025-04-11 | 4.3 MEDIUM | N/A |
| VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability." | |||||
| CVE-2011-2658 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | 6.8 MEDIUM | N/A |
| The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws. | |||||
| CVE-2011-5093 | 1 Bestpractical | 1 Rt | 2025-04-11 | 6.5 MEDIUM | N/A |
| Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than CVE-2011-4458 and CVE-2011-5092. | |||||
| CVE-2010-0681 | 1 Zeuscms | 1 Zeuscms | 2025-04-11 | 5.0 MEDIUM | N/A |
| ZeusCMS 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for admin/backup.sql. | |||||
| CVE-2013-3506 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | 7.5 HIGH | N/A |
| cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality. | |||||
| CVE-2012-2566 | 1 Bloxx | 1 Web Filtering | 2025-04-11 | 5.0 MEDIUM | N/A |
| Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted header. | |||||
| CVE-2013-5144 | 1 Apple | 1 Iphone Os | 2025-04-11 | 3.3 LOW | N/A |
| Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. | |||||
| CVE-2012-2073 | 2 Drupal, Kristof De Jaeger | 2 Drupal, Bundle Copy | 2025-04-11 | 6.0 MEDIUM | N/A |
| The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permissions to execute arbitrary PHP code via unspecified vectors. | |||||
| CVE-2011-4865 | 2 Google, Tencent | 3 Android, Microblogpad, Wblog | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application. | |||||
| CVE-2011-5097 | 1 Opscode | 1 Chef | 2025-04-11 | 5.5 MEDIUM | N/A |
| chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command. | |||||
| CVE-2010-2470 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | 1.9 LOW | N/A |
| Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180. | |||||
| CVE-2014-1438 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 4.7 MEDIUM | N/A |
| The restore_fpu_checking function in arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8 on the AMD K7 and K8 platforms does not clear pending exceptions before proceeding to an EMMS instruction, which allows local users to cause a denial of service (task kill) or possibly gain privileges via a crafted application. | |||||
| CVE-2012-0056 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 6.9 MEDIUM | N/A |
| The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. | |||||
| CVE-2010-3893 | 1 Ibm | 1 Omnifind | 2025-04-11 | 7.5 HIGH | N/A |
| The administrator interface in IBM OmniFind Enterprise Edition 8.x and 9.x does not restrict use of a session ID (aka SID) value to a single IP address, which allows remote attackers to perform arbitrary administrative actions by leveraging cookie theft, related to a "session impersonation" issue. | |||||
| CVE-2012-1179 | 1 Linux | 1 Linux Kernel | 2025-04-11 | 5.2 MEDIUM | N/A |
| The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages. | |||||
| CVE-2003-1575 | 2 Sun, Symantec | 2 Solaris, Vxfs | 2025-04-11 | 4.6 MEDIUM | N/A |
| VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. | |||||
| CVE-2011-2329 | 1 Apache | 1 Rampart\/c | 2025-04-11 | 6.5 MEDIUM | N/A |
| The rampart_timestamp_token_validate function in util/rampart_timestamp_token.c in Apache Rampart/C 1.3.0 does not properly calculate the expiration of timestamp tokens, which allows remote attackers to bypass intended access restrictions by leveraging an expired token, a different vulnerability than CVE-2011-0730. | |||||
| CVE-2012-5605 | 1 Redhat | 1 Cloudforms | 2025-04-11 | 2.1 LOW | N/A |
| Grinder in Red Hat CloudForms before 1.1 uses world-writable permissions for /var/lib/pulp/cache/grinder/, which allows local users to modify grinder cache files. | |||||