Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5169 | 1 Apple | 1 Mac Os X | 2024-09-16 | N/A |
| CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. | ||||
| CVE-2019-1626 | 1 Cisco | 8 Sd-wan Firmware, Vedge-100, Vedge-1000 and 5 more | 2024-09-16 | 8.8 High |
| A vulnerability in the vManage web-based UI (Web UI) of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to gain elevated privileges on an affected vManage device. The vulnerability is due to a failure to properly authorize certain user actions in the device configuration. An attacker could exploit this vulnerability by logging in to the vManage Web UI and sending crafted HTTP requests to vManage. A successful exploit could allow attackers to gain elevated privileges and make changes to the configuration that they would not normally be authorized to make. | ||||
| CVE-2013-0706 | 1 Nec | 1 Universal Raid Utility | 2024-09-16 | N/A |
| NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors. | ||||
| CVE-2008-7298 | 2 Android, Google | 2 Android Browser, Android | 2024-09-16 | N/A |
| The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an HTTP response, related to lack of the HTTP Strict Transport Security (HSTS) includeSubDomains feature, aka a "cookie forcing" issue. | ||||
| CVE-2015-3379 | 1 Views Project | 1 Views | 2024-09-16 | N/A |
| The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2011-4961 | 1 Silverstripe | 1 Silverstripe | 2024-09-16 | N/A |
| SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups. | ||||
| CVE-2013-2834 | 1 Google | 1 Chrome Os | 2024-09-16 | N/A |
| Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835. | ||||
| CVE-2022-36387 | 1 About-me Project | 1 About-me | 2024-09-16 | 7.6 High |
| Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress. | ||||
| CVE-2022-42461 | 1 Miniorange | 1 Google Authenticator | 2024-09-16 | 5.4 Medium |
| Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. | ||||
| CVE-2012-1907 | 1 Privawall | 1 Privawall Antivirus | 2024-09-16 | N/A |
| The scanner engine in PrivaWall Antivirus 5.6 and earlier does not recognize the Office XML (aka Open Document XML) file format, which allows remote attackers to bypass malware detection via a crafted file embedded in a WordML document. | ||||
| CVE-2012-5539 | 2 Drupal, Organic Groups Project | 2 Drupal, Organic Groups | 2024-09-16 | N/A |
| The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved. | ||||
| CVE-2013-2246 | 1 Moodle | 1 Moodle | 2024-09-16 | N/A |
| mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time. | ||||
| CVE-2007-5757 | 1 Ibm | 1 Db2 Universal Database | 2024-09-16 | N/A |
| Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697. | ||||
| CVE-2009-5121 | 1 Websense | 1 Websense Email Security | 2024-09-16 | N/A |
| Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based blacklist by using the 8BITMIME EHLO keyword in the SMTP session. | ||||
| CVE-2010-3483 | 1 Bouzouste | 1 Primitive Cms | 2024-09-16 | N/A |
| cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters. | ||||
| CVE-2011-4865 | 2 Google, Tencent | 3 Android, Microblogpad, Wblog | 2024-09-16 | N/A |
| The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search keywords via a crafted application. | ||||
| CVE-2012-3484 | 1 Google | 1 Tunnelblick | 2024-09-16 | N/A |
| Tunnelblick 3.3beta20 and earlier relies on a test for specific ownership and permissions to determine whether a program can be safely executed, which allows local users to bypass intended access restrictions and gain privileges via a (1) user-mountable image or (2) network share. | ||||
| CVE-2013-0318 | 2 Banckle Chat Project, Drupal | 2 Banckle Chat, Drupal | 2024-09-16 | N/A |
| The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors. | ||||
| CVE-2010-0184 | 1 Tibco | 1 Runtime Agent | 2024-09-16 | N/A |
| The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors. | ||||
| CVE-2013-5171 | 1 Apple | 1 Mac Os X | 2024-09-16 | N/A |
| CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. | ||||