Total
5247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-0543 | 1 Fuse | 1 Fuse | 2025-04-11 | 3.3 LOW | N/A |
| Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack. | |||||
| CVE-2010-0752 | 2 Drupal, Earl Dunovant | 2 Drupal, Week | 2025-04-11 | 5.0 MEDIUM | N/A |
| The week_post_page function in the Weekly Archive by Node Type module 6.x before 6.x-2.7 for Drupal does not properly implement node access restrictions when constructing SQL queries, which allows remote attackers to read restricted node listings via unspecified vectors. | |||||
| CVE-2013-2133 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2025-04-11 | 5.5 MEDIUM | N/A |
| The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. | |||||
| CVE-2013-5191 | 1 Apple | 1 Mac Os X | 2025-04-11 | 2.1 LOW | N/A |
| The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions. | |||||
| CVE-2013-0276 | 1 Rubyonrails | 1 Rails | 2025-04-11 | 4.3 MEDIUM | N/A |
| ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and 3.2.x before 3.2.12 allows remote attackers to bypass the attr_protected protection mechanism and modify protected model attributes via a crafted request. | |||||
| CVE-2013-0918 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site. | |||||
| CVE-2011-0401 | 1 Matomo | 1 Matomo | 2025-04-11 | 5.0 MEDIUM | N/A |
| Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service (inode consumption) by establishing many sessions. | |||||
| CVE-2011-1127 | 1 Simplemachines | 1 Smf | 2025-04-11 | 10.0 HIGH | N/A |
| SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors. | |||||
| CVE-2012-2314 | 1 Fedoraproject | 1 Anaconda | 2025-04-11 | 2.1 LOW | N/A |
| The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password guessing attacks. | |||||
| CVE-2013-0501 | 1 Ibm | 1 Cognos Disclosure Management | 2025-04-11 | 9.3 HIGH | N/A |
| The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site. | |||||
| CVE-2010-1238 | 1 Moinmo | 1 Moinmoin | 2025-04-11 | 5.0 MEDIUM | N/A |
| MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values. | |||||
| CVE-2012-4413 | 1 Openstack | 1 Keystone | 2025-04-11 | 4.0 MEDIUM | N/A |
| OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles. | |||||
| CVE-2012-4501 | 2 Apache, Citrix | 2 Cloudstack, Cloudstack | 2025-04-11 | 10.0 HIGH | N/A |
| Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs. | |||||
| CVE-2012-2603 | 1 Collabnet | 1 Scrumworks | 2025-04-11 | 6.5 MEDIUM | N/A |
| The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. | |||||
| CVE-2010-2842 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-11 | 9.0 HIGH | N/A |
| Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through 6.0, allows remote authenticated users to bypass intended access restrictions and modify the configuration, and possibly obtain administrative privileges, via unspecified vectors, a different vulnerability than CVE-2010-2843 and CVE-2010-3033. | |||||
| CVE-2010-4215 | 1 Foswiki | 1 Foswiki | 2025-04-11 | 6.5 MEDIUM | N/A |
| UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup. | |||||
| CVE-2012-1313 | 1 Cisco | 1 Unified Computing System | 2025-04-11 | 6.5 MEDIUM | N/A |
| The remote debug shell on the PALO adapter card in Cisco Unified Computing System (UCS) allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772. | |||||
| CVE-2012-3397 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users. | |||||
| CVE-2010-1626 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-11 | 3.6 LOW | N/A |
| MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247. | |||||
| CVE-2012-0450 | 3 Apple, Linux, Mozilla | 4 Mac Os X, Linux Kernel, Firefox and 1 more | 2025-04-11 | 2.1 LOW | N/A |
| Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standard filesystem operations. | |||||