Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7247 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2025-04-11 | N/A |
| cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. | ||||
| CVE-2011-2600 | 1 Microsoft | 1 Windows Xp | 2025-04-11 | N/A |
| The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK. | ||||
| CVE-2011-3458 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 file. | ||||
| CVE-2012-0691 | 1 Broadcom | 1 License Software | 2025-04-11 | N/A |
| CA License (aka CA Licensing) before 1.90.03 does not properly restrict system commands, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2012-0776 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2025-04-11 | N/A |
| The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | ||||
| CVE-2011-2471 | 1 Maynard Johnson | 1 Oprofile | 2025-04-11 | N/A |
| utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760. | ||||
| CVE-2012-0692 | 1 Broadcom | 1 License Software | 2025-04-11 | N/A |
| CA License (aka CA Licensing) before 1.90.03 allows local users to modify or create arbitrary files, and consequently gain privileges, via unspecified vectors. | ||||
| CVE-2011-2658 | 1 Novell | 1 Zenworks Configuration Management | 2025-04-11 | N/A |
| The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks Configuration Management (ZCM) 10.2, 10.3, and 11 SP1 provides access to the mscomct2.ocx file, which allows remote attackers to execute arbitrary code by leveraging unspecified mscomct2 flaws. | ||||
| CVE-2011-2147 | 1 Openswan | 1 Openswan | 2025-04-11 | N/A |
| Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784. | ||||
| CVE-2010-0299 | 1 Opensuse | 1 Opensuse | 2025-04-11 | N/A |
| openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2010-0650 | 3 Apple, Canonical, Google | 3 Safari, Ubuntu Linux, Chrome | 2025-04-11 | N/A |
| WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. | ||||
| CVE-2010-3615 | 1 Isc | 1 Bind | 2025-04-11 | N/A |
| named in ISC BIND 9.7.2-P2 does not check all intended locations for allow-query ACLs, which might allow remote attackers to make successful requests for private DNS records via the standard DNS query mechanism. | ||||
| CVE-2010-4021 | 1 Mit | 1 Kerberos 5 | 2025-04-11 | N/A |
| The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue." | ||||
| CVE-2010-0288 | 1 Dokuwiki | 1 Dokuwiki | 2025-04-11 | N/A |
| A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010. | ||||
| CVE-2010-0393 | 1 Apple | 1 Cups | 2025-04-11 | N/A |
| The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. | ||||
| CVE-2010-0661 | 2 Apple, Google | 2 Webkit, Chrome | 2025-04-11 | N/A |
| WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before r52401, as used in Google Chrome before 4.0.249.78, allows remote attackers to bypass the Same Origin Policy via vectors involving the window.open method. | ||||
| CVE-2011-2674 | 1 Basercms | 1 Basercms | 2025-04-11 | N/A |
| BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. | ||||
| CVE-2010-0791 | 1 Ncpfs | 1 Ncpfs | 2025-04-11 | N/A |
| The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. | ||||
| CVE-2010-1190 | 1 Mediawiki | 1 Mediawiki | 2025-04-11 | N/A |
| thumb.php in MediaWiki before 1.15.2, when used with access-restriction mechanisms such as img_auth.php, does not check user permissions before providing scaled images, which allows remote attackers to bypass intended access restrictions and read private images via unspecified manipulations. | ||||
| CVE-2010-2199 | 1 Rpm | 1 Rpm | 2025-04-11 | N/A |
| lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to bypass intended access restrictions by creating a hard link to a vulnerable file that has a POSIX ACL, a related issue to CVE-2010-2059. | ||||