Total
2800 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4127 | 3 Linux, Redhat, Suse | 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more | 2024-08-07 | N/A |
| The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume. | ||||
| CVE-2011-4016 | 1 Cisco | 1 Ios | 2024-08-06 | N/A |
| The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when Point-to-Point Termination and Aggregation (PTA) and L2TP are used, allows remote attackers to cause a denial of service (device crash) via crafted network traffic, aka Bug ID CSCtf71673. | ||||
| CVE-2011-2528 | 2 Plone, Zope | 3 Plone, Plone Hotfix 20110720, Zope | 2024-08-06 | N/A |
| Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720. | ||||
| CVE-2011-1898 | 2 Citrix, Redhat | 3 Xen, Enterprise Linux, Rhel Eus | 2024-08-06 | N/A |
| Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough on Intel VT-d chipsets that do not have interrupt remapping, allows guest OS users to gain host OS privileges by "using DMA to generate MSI interrupts by writing to the interrupt injection registers." | ||||
| CVE-2011-1762 | 1 Wordpress | 1 Wordpress | 2024-08-06 | 6.5 Medium |
| A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post as if they had 'publish_posts' permission. | ||||
| CVE-2011-0720 | 2 Plone, Redhat | 4 Plone, Conga, Luci and 1 more | 2024-08-06 | N/A |
| Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors. | ||||
| CVE-2012-6689 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-08-06 | 7.8 High |
| The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux kernel before 3.5.5 does not validate the dst_pid field, which allows local users to have an unspecified impact by spoofing Netlink messages. | ||||
| CVE-2012-5519 | 3 Apple, Debian, Redhat | 3 Cups, Debian Linux, Enterprise Linux | 2024-08-06 | N/A |
| CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface. | ||||
| CVE-2012-5500 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2024-08-06 | N/A |
| The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | ||||
| CVE-2012-5497 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2024-08-06 | N/A |
| membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | ||||
| CVE-2012-4411 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
| The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest administrators to obtain sensitive host resource information via the qemu monitor. NOTE: this might be a duplicate of CVE-2007-0998. | ||||
| CVE-2012-4379 | 1 Mediawiki | 1 Mediawiki | 2024-08-06 | N/A |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element. | ||||
| CVE-2012-4380 | 1 Mediawiki | 1 Mediawiki | 2024-08-06 | N/A |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors. | ||||
| CVE-2012-3416 | 2 Condor Project, Redhat | 2 Condor, Enterprise Mrg | 2024-08-06 | N/A |
| Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname. | ||||
| CVE-2012-2947 | 2 Debian, Digium | 3 Debian Linux, Asterisk, Certified Asterisk | 2024-08-06 | N/A |
| chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold. | ||||
| CVE-2012-1327 | 1 Cisco | 1 Ios | 2024-08-06 | N/A |
| dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 allows remote attackers to cause a denial of service (assertion failure and reboot) via 802.11 wireless traffic, as demonstrated by a video call from Apple iOS 5.0 on an iPhone 4S, aka Bug ID CSCtt94391. | ||||
| CVE-2013-7461 | 1 Mcafee | 2 Application Control, Change Control | 2024-08-06 | N/A |
| A write protection and execution bypass vulnerability in McAfee (now Intel Security) Change Control (MCC) 6.1.0 for Linux and earlier allows authenticated users to change files that are part of write protection rules via specific conditions. | ||||
| CVE-2013-7460 | 1 Mcafee | 2 Application Control, Change Control | 2024-08-06 | N/A |
| A write protection and execution bypass vulnerability in McAfee (now Intel Security) Application Control (MAC) 6.1.0 for Linux and earlier allows authenticated users to change binaries that are part of the Application Control whitelist and allows execution of binaries via specific conditions. | ||||
| CVE-2013-7293 | 1 Asus | 1 Wl-330nul | 2024-08-06 | N/A |
| The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. | ||||
| CVE-2013-6739 | 1 Ibm | 1 Spss Modeler | 2024-08-06 | N/A |
| IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855. | ||||