Total
5480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-2058 | 1 Prelude-technologies | 1 Prewikka | 2025-04-11 | 2.1 LOW | N/A |
| setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password. | |||||
| CVE-2011-4703 | 2 Android, Nathanielkh | 2 Android, Limit My Call | 2025-04-11 | 5.8 MEDIUM | N/A |
| The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application. | |||||
| CVE-2010-1065 | 1 Lebisoft | 1 Ziyaretci Defteri | 2025-04-11 | 5.0 MEDIUM | N/A |
| Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/lebisoft.mdb. | |||||
| CVE-2013-1280 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-04-11 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability." | |||||
| CVE-2010-2320 | 1 Eterna | 1 Bozohttpd | 2025-04-11 | 5.0 MEDIUM | N/A |
| bozotic HTTP server (aka bozohttpd) before 20100621 allows remote attackers to list the contents of home directories, and determine the existence of user accounts, via multiple requests for URIs beginning with /~ sequences. | |||||
| CVE-2010-3197 | 1 Ibm | 1 Db2 | 2025-04-11 | 5.0 MEDIUM | N/A |
| IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2010-3781 | 2 Alvaro Herrera, Postgresql | 2 Pl\/php, Postgresql | 2025-04-11 | 6.0 MEDIUM | N/A |
| The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433. | |||||
| CVE-2013-1776 | 2 Apple, Todd Miller | 2 Mac Os X, Sudo | 2025-04-11 | 4.4 MEDIUM | N/A |
| sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. | |||||
| CVE-2013-0731 | 2 Mailup, Wordpress | 2 Wp-mailup, Wordpress | 2025-04-11 | 5.0 MEDIUM | N/A |
| ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks by setting the wordpress_logged_in cookie. NOTE: this is due to an incomplete fix for a similar issue that was fixed in 1.3.2. | |||||
| CVE-2014-0721 | 1 Cisco | 1 Unified Sip Phone 3905 | 2025-04-11 | 10.0 HIGH | N/A |
| The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574. | |||||
| CVE-2013-6802 | 1 Google | 1 Chrome | 2025-04-11 | 5.8 MEDIUM | N/A |
| Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632. | |||||
| CVE-2010-1225 | 1 Microsoft | 3 Virtual Pc, Virtual Server, Windows Virtual Pc | 2025-04-11 | 9.3 HIGH | N/A |
| The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS." | |||||
| CVE-2013-2318 | 1 Jig | 2 Movatwitouch, Movatwitouch Paid | 2025-04-11 | 2.6 LOW | N/A |
| The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application. | |||||
| CVE-2014-0268 | 1 Microsoft | 1 Internet Explorer | 2025-04-11 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 8 through 11 does not properly restrict file installation and registry-key creation, which allows remote attackers to bypass the Mandatory Integrity Control protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
| CVE-2013-0720 | 1 Cob\'s Products | 1 Cobime | 2025-04-11 | 5.0 MEDIUM | N/A |
| The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||||
| CVE-2012-4475 | 2 Drupal, Security Questions Project | 2 Drupal, Security Questions | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1 does not properly restrict access, which allows remote attackers to edit an arbitrary user's questions and answers via unspecified vectors. | |||||
| CVE-2013-4260 | 1 Redhat | 1 Ansible | 2025-04-11 | 3.3 LOW | N/A |
| lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/. | |||||
| CVE-2012-3491 | 1 Condor Project | 1 Condor | 2025-04-11 | 4.0 MEDIUM | N/A |
| src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors. | |||||
| CVE-2013-1693 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2025-04-11 | 4.3 MEDIUM | N/A |
| The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by observing timing differences in execution of filter code. | |||||
| CVE-2012-1424 | 6 Antiy, Cat, Jiangmin and 3 more | 6 Avl Sdk, Quick Heal, Jiangmin Antivirus and 3 more | 2025-04-11 | 4.3 MEDIUM | N/A |
| The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||