Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4944 | 2 Python, Redhat | 2 Python, Enterprise Linux | 2025-04-11 | N/A |
| Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file. | ||||
| CVE-2008-7296 | 1 Apple | 1 Safari | 2025-04-11 | N/A |
| Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | ||||
| CVE-2012-4736 | 1 Sophos | 1 Safeguard Enterprise | 2025-04-11 | N/A |
| The Device Encryption Client component in Sophos SafeGuard Enterprise 6.0, when a volume-based encryption policy is enabled in conjunction with a user-defined key, does not properly block use of exFAT USB flash drives, which makes it easier for local users to bypass intended access restrictions and copy sensitive information to a drive via multiple removal and reattach operations. | ||||
| CVE-2012-0005 | 1 Microsoft | 4 Windows Server 2003, Windows Server 2008, Windows Vista and 1 more | 2025-04-11 | N/A |
| The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability." | ||||
| CVE-2012-4731 | 1 Bestpractical | 1 Rtfm | 2025-04-11 | N/A |
| FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors. | ||||
| CVE-2013-0245 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors. | ||||
| CVE-2011-2330 | 1 Ibm | 1 Tivoli Management Framework | 2025-04-11 | N/A |
| Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 has an unspecified "built-in account" that is "trivially" accessed, which makes it easier for remote attackers to send requests to restricted pages via a session on TCP port 9495, a different vulnerability than CVE-2011-1220. | ||||
| CVE-2012-4730 | 1 Bestpractical | 1 Rt | 2025-04-11 | N/A |
| Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors. | ||||
| CVE-2013-0261 | 2 Openstack, Redhat | 3 Essex, Folsom, Openstack | 2025-04-11 | N/A |
| (1) installer/basedefs.py and (2) modules/ospluginutils.py in PackStack allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp. | ||||
| CVE-2011-0343 | 3 Freebsd, Hp, Oneidentity | 3 Freebsd, Hp-ux, Syslog-ng | 2025-04-11 | N/A |
| Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on FreeBSD or HP-UX, does not properly perform cast operations, which causes syslog-ng to use a default value of -1 to create log files with insecure permissions (07777), which allows local users to read and write to these log files. | ||||
| CVE-2012-0057 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-04-11 | N/A |
| PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. | ||||
| CVE-2010-0306 | 2 Kvm Qumranet, Redhat | 3 Kvm, Enterprise Linux, Rhel Virtualization | 2025-04-11 | N/A |
| The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not use the Current Privilege Level (CPL) and I/O Privilege Level (IOPL) to restrict instruction execution, which allows guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch, a related issue to CVE-2010-0298. | ||||
| CVE-2013-0287 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2025-04-11 | N/A |
| The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. | ||||
| CVE-2012-1463 | 12 Ahnlab, Aladdin, Authentium and 9 more | 12 V3 Internet Security, Esafe, Command Antivirus and 9 more | 2025-04-11 | N/A |
| The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations. | ||||
| CVE-2012-1860 | 1 Microsoft | 2 Office Web Apps, Sharepoint Server | 2025-04-11 | N/A |
| Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability." | ||||
| CVE-2012-4677 | 1 Google | 1 Tunnelblick | 2025-04-11 | N/A |
| Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value. | ||||
| CVE-2012-4593 | 1 Mcafee | 2 Application Control, Change Control | 2025-04-11 | N/A |
| McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command. | ||||
| CVE-2011-1032 | 1 Ibm | 2 Lotus Connections, Websphere Application Server | 2025-04-11 | N/A |
| IBM Lotus Connections 3.0, when IBM WebSphere Application Server 7.0.0.11 is used, does not properly restrict access to the internal login module, which has unspecified impact and attack vectors. | ||||
| CVE-2011-1378 | 2 Hp, Ibm | 2 Openvms, Websphere Mq | 2025-04-11 | N/A |
| IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File (UAF) data, which allows local users to kill listener processes and the command server via a control command. | ||||
| CVE-2012-4587 | 1 Mcafee | 2 Enterprise Mobility Manager, Enterprise Mobility Manager Agent | 2025-04-11 | N/A |
| McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server before 10.1, when one-time provisioning (OTP) mode is enabled, have an improper dependency on DNS SRV records, which makes it easier for remote attackers to discover user passwords by spoofing the EMM server, as demonstrated by a password entered on an iOS device. | ||||