Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-0706 | 2 Redhat, Sun | 2 Icedtea-web, Jdk | 2025-04-11 | N/A |
| The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." | ||||
| CVE-2013-1635 | 1 Php | 1 Php | 2025-04-11 | N/A |
| ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. | ||||
| CVE-2013-5165 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 does not properly implement the --blockApp option, which allows remote attackers to bypass intended access restrictions via a network connection to an application for which blocking was configured. | ||||
| CVE-2013-5186 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | ||||
| CVE-2012-2566 | 1 Bloxx | 1 Web Filtering | 2025-04-11 | N/A |
| Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypass intended IP address and domain restrictions, and trigger misleading log entries, via a crafted header. | ||||
| CVE-2012-4425 | 3 Freedesktop, Gtk, Redhat | 3 Spice-gtk, Libgio, Enterprise Linux | 2025-04-11 | N/A |
| libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. | ||||
| CVE-2012-2640 | 2 Google, Yomecolle | 2 Android, Nec Biglobe Yome Collection | 2025-04-11 | N/A |
| The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE permission. | ||||
| CVE-2010-1663 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||||
| CVE-2012-2720 | 2 Adam Ross, Drupal | 2 Tokenauth, Drupal | 2025-04-11 | N/A |
| The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for Drupal does not properly revert user sessions, which might allow remote attackers to perform requests with extra privileges. | ||||
| CVE-2012-4483 | 2 Acquia, Drupal | 2 Commons, Drupal | 2025-04-11 | N/A |
| The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing. | ||||
| CVE-2012-4488 | 2 Drupal, Location Module Project | 2 Drupal, Location | 2025-04-11 | N/A |
| The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via the location search page. | ||||
| CVE-2012-4549 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-11 | N/A |
| The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which allows attackers to bypass intended access restrictions for EJB methods. | ||||
| CVE-2012-4582 | 1 Mcafee | 2 Email And Web Security, Email Gateway | 2025-04-11 | N/A |
| McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to reset the passwords of arbitrary administrative accounts via unspecified vectors. | ||||
| CVE-2012-3466 | 1 Gnome | 1 Gnome-keyring | 2025-04-11 | N/A |
| GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unspecified impact via unknown attack vectors. | ||||
| CVE-2012-3560 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| Opera before 11.65 does not ensure that the address field corresponds to the displayed web page during blocked navigation, which makes it easier for remote attackers to conduct spoofing attacks by detecting and preventing attempts to load a different web page. | ||||
| CVE-2012-3579 | 1 Symantec | 1 Messaging Gateway | 2025-04-11 | N/A |
| Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session. | ||||
| CVE-2012-4248 | 1 Amazon | 1 Kindle Touch | 2025-04-11 | N/A |
| The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors involving the (1) dev.log, (2) lipc.set, (3) lipc.get, or (4) todo.scheduleItems method, a different vulnerability than CVE-2012-4249. | ||||
| CVE-2012-3814 | 2 Pippin Williamson, Wordpress | 2 Font Uploader, Wordpress | 2025-04-11 | N/A |
| Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts. | ||||
| CVE-2012-4090 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2025-04-11 | N/A |
| The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089. | ||||
| CVE-2012-4845 | 1 Ibm | 2 Aix, Vios | 2025-04-11 | N/A |
| The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. | ||||