Total
311 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-1406 | 1 Mahara | 1 Mahara | 2024-08-06 | N/A |
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login. | ||||
CVE-2011-1370 | 1 Ibm | 1 Lotus Sametime | 2024-08-06 | N/A |
The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message. | ||||
CVE-2012-5613 | 3 Linux, Mariadb, Oracle | 3 Linux Kernel, Mariadb, Mysql | 2024-08-06 | N/A |
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue. | ||||
CVE-2011-1164 | 2 David King, Redhat | 2 Vino, Enterprise Linux | 2024-08-06 | N/A |
Vino before 2.99.4 can connect external networks contrary to the statement in the vino-preferences dialog box, which might make it easier for remote attackers to perform attacks. | ||||
CVE-2011-1089 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2024-08-06 | N/A |
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296. | ||||
CVE-2011-0638 | 1 Microsoft | 1 Windows | 2024-08-06 | N/A |
Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer. | ||||
CVE-2011-0400 | 1 Matomo | 1 Matomo | 2024-08-06 | N/A |
Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
CVE-2012-6050 | 1 Mikrotik | 1 Routeros | 2024-08-06 | N/A |
The winbox service in MikroTik RouterOS 5.15 and earlier allows remote attackers to cause a denial of service (CPU consumption), read the router version, and possibly have other impacts via a request to download the router's DLLs or plugins, as demonstrated by roteros.dll. | ||||
CVE-2012-5770 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-08-06 | N/A |
The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spoof servers and decrypt network traffic via a brute-force attack. | ||||
CVE-2012-5634 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, does not properly configure VT-d when supporting a device that is behind a legacy PCI Bridge, which allows local guests to cause a denial of service to other guests by injecting an interrupt. | ||||
CVE-2012-5526 | 2 Andy Armstrong, Redhat | 2 Cgi.pm, Enterprise Linux | 2024-08-06 | N/A |
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. | ||||
CVE-2012-5512 | 1 Citrix | 1 Xenserver | 2024-08-06 | N/A |
Array index error in the HVMOP_set_mem_access handler in Xen 4.1 allows local HVM guest OS administrators to cause a denial of service (crash) or obtain sensitive information via unspecified vectors. | ||||
CVE-2012-4690 | 1 Rockwellautomation | 3 Ab Micrologix Controller, Plc-5 Controller, Slc 500 Controller | 2024-08-06 | N/A |
Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, 1400, and 1500; SLC 500 controller platform; and PLC-5 controller platform, when Static status is not enabled, allow remote attackers to cause a denial of service via messages that trigger modification of status bits. | ||||
CVE-2012-4537 | 2 Redhat, Xen | 2 Enterprise Linux, Xen | 2024-08-06 | N/A |
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability." | ||||
CVE-2012-4546 | 1 Redhat | 1 Enterprise Linux | 2024-08-06 | N/A |
The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate. | ||||
CVE-2012-3496 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-08-06 | N/A |
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand. | ||||
CVE-2012-3392 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums. | ||||
CVE-2012-3413 | 1 Kde | 1 Kde Pim | 2024-08-06 | N/A |
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email. | ||||
CVE-2012-0957 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Mrg | 2024-08-06 | N/A |
The override_release function in kernel/sys.c in the Linux kernel before 3.4.16 allows local users to obtain sensitive information from kernel stack memory via a uname system call in conjunction with a UNAME26 personality. | ||||
CVE-2012-0797 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. |