Total
1782 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-7109 | 1 Kyoceramita | 1 Scanner File Utility | 2024-08-07 | 9.8 Critical |
| The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password. | ||||
| CVE-2008-6123 | 4 Net-snmp, Opensuse, Redhat and 1 more | 4 Net-snmp, Opensuse, Enterprise Linux and 1 more | 2024-08-07 | N/A |
| The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." | ||||
| CVE-2008-4577 | 5 Canonical, Dovecot, Fedoraproject and 2 more | 5 Ubuntu Linux, Dovecot, Fedora and 2 more | 2024-08-07 | 7.5 High |
| The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | ||||
| CVE-2008-3424 | 3 Condor Project, Fedoraproject, Redhat | 3 Condor, Fedora, Enterprise Mrg | 2024-08-07 | N/A |
| Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE, HOSTALLOW_WRITE, or HOSTDENY_WRITE configuration variables in authorization policy lists, which might allow remote attackers to bypass intended access restrictions. | ||||
| CVE-2008-0595 | 4 Fedoraproject, Freedesktop, Mandrakesoft and 1 more | 4 Fedora, Dbus, Mandrake Linux and 1 more | 2024-08-07 | N/A |
| dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface. | ||||
| CVE-2009-4131 | 1 Linux | 1 Linux Kernel | 2024-08-07 | N/A |
| The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions. | ||||
| CVE-2009-0034 | 3 Gratisoft, Redhat, Vmware | 3 Sudo, Enterprise Linux, Esx | 2024-08-07 | 7.8 High |
| parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | ||||
| CVE-2010-4296 | 3 Apple, Linux, Vmware | 6 Mac Os X, Linux Kernel, Fusion and 3 more | 2024-08-07 | N/A |
| vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files. | ||||
| CVE-2010-3782 | 2 Obs-server, Suse | 2 Obs-server, Linux Enterprise Server | 2024-08-07 | 8.8 High |
| obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation. | ||||
| CVE-2010-2525 | 1 Linux | 1 Linux Kernel | 2024-08-07 | 7.8 High |
| A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file system. | ||||
| CVE-2010-2548 | 1 Redhat | 1 Icedtea6 | 2024-08-07 | 9.1 Critical |
| IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files. | ||||
| CVE-2010-1435 | 1 Joomla | 1 Joomla\! | 2024-08-07 | 9.8 Critical |
| Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently retrieve password reset tokens from the database through an already existing SQL injection vector. Joomla! Core versions 1.5.x ranging from 1.5.0 and up to and including 1.5.15 are vulnerable. | ||||
| CVE-2011-4608 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Enterprise Web Server | 2024-08-07 | N/A |
| mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints. | ||||
| CVE-2011-3617 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2024-08-06 | 6.5 Medium |
| Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. | ||||
| CVE-2011-2726 | 4 Debian, Drupal, Fedoraproject and 1 more | 4 Debian Linux, Drupal, Fedora and 1 more | 2024-08-06 | 7.5 High |
| An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the ability to attach File upload fields to any entity type in the system or has the ability to point individual File upload fields to the private file directory in comments, and the parent node is denied access, non-privileged users can still download the file attached to the comment if they know or guess its direct URL. | ||||
| CVE-2011-1070 | 2 Debian, V86d Project | 2 Debian Linux, V86d | 2024-08-06 | 7.8 High |
| v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences. | ||||
| CVE-2011-1123 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
| Google Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors. | ||||
| CVE-2012-6094 | 2 Apple, Debian | 2 Cups, Debian Linux | 2024-08-06 | 9.8 Critical |
| cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system | ||||
| CVE-2012-3822 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-08-06 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. | ||||
| CVE-2012-3821 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-08-06 | 4.3 Medium |
| A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field. | ||||