Total
5480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0254 | 1 Qt | 1 Qt | 2025-04-11 | 3.6 LOW | N/A |
| The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server. | |||||
| CVE-2012-2949 | 2 Google, Zte | 2 Android, Score M | 2025-04-11 | 10.0 HIGH | N/A |
| The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted application. | |||||
| CVE-2012-4210 | 1 Mozilla | 1 Firefox | 2025-04-11 | 9.3 HIGH | N/A |
| The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet. | |||||
| CVE-2010-4582 | 1 Opera | 1 Opera Browser | 2025-04-11 | 5.0 MEDIUM | N/A |
| Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2013-4445 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2025-04-11 | 4.9 MEDIUM | N/A |
| The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for remote authenticated users to guess the access token for a block by leveraging the token from a block to which the user has access. | |||||
| CVE-2008-7276 | 1 Otrs | 1 Otrs | 2025-04-11 | 4.6 MEDIUM | N/A |
| Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) before 2.3.2 creates a directory under /tmp/ with 1274 permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations, related to incorrect interpretation of 0700 as a decimal value. | |||||
| CVE-2010-4512 | 1 Michael Dehaan | 1 Cobbler | 2025-04-11 | 7.2 HIGH | N/A |
| Cobbler before 2.0.4 uses an incorrect umask value, which allows local users to have an unspecified impact by leveraging world writable permissions for files and directories. | |||||
| CVE-2012-4677 | 1 Google | 1 Tunnelblick | 2025-04-11 | 4.4 MEDIUM | N/A |
| Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | |||||
| CVE-2013-0921 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
| The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site. | |||||
| CVE-2012-4553 | 1 Drupal | 1 Drupal | 2025-04-11 | 6.8 MEDIUM | N/A |
| Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient conditions." | |||||
| CVE-2012-3383 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 2.6 LOW | N/A |
| The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text. | |||||
| CVE-2013-2747 | 1 Courion | 1 Access Risk Management Suite | 2025-04-11 | 6.5 MEDIUM | N/A |
| The password reset feature in Courion Access Risk Management Suite Version 8 Update 9 allows remote authenticated users to bypass intended Internet Explorer usage restrictions and execute arbitrary commands by using keyboard shortcuts to navigate the file system and open a command prompt. | |||||
| CVE-2010-0571 | 1 Cisco | 1 Digital Media Manager | 2025-04-11 | 8.5 HIGH | N/A |
| Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x allows remote authenticated users to gain privileges via unknown vectors, and consequently execute arbitrary code via a crafted web application, aka Bug ID CSCtc46008. | |||||
| CVE-2011-4704 | 2 Android, Voxofon | 2 Android, Voxofon | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application. | |||||
| CVE-2013-2246 | 1 Moodle | 1 Moodle | 2025-04-11 | 4.0 MEDIUM | N/A |
| mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time. | |||||
| CVE-2010-1575 | 1 Cisco | 1 Content Services Switch 11500 | 2025-04-11 | 7.5 HIGH | N/A |
| The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 conveys authentication data through ClientCert-* headers but does not delete client-supplied ClientCert-* headers, which might allow remote attackers to bypass authentication via crafted header data, as demonstrated by a ClientCert-Subject-CN header, aka Bug ID CSCsz04690. | |||||
| CVE-2013-6734 | 1 Ibm | 1 Websphere Extreme Scale Client | 2025-04-11 | 3.5 LOW | N/A |
| IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container. | |||||
| CVE-2012-0827 | 1 Drupal | 1 Drupal | 2025-04-11 | 3.5 LOW | N/A |
| The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields via unspecified vectors. | |||||
| CVE-2012-2303 | 2 Drupal, Florian Weber | 2 Drupal, Spaces | 2025-04-11 | 7.5 HIGH | N/A |
| The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module. | |||||
| CVE-2013-1300 | 1 Microsoft | 8 Windows 7, Windows 8, Windows Rt and 5 more | 2025-04-11 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability." | |||||