Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5480 1 Moodle 1 Moodle 2025-04-11 N/A
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search.
CVE-2012-5588 2 Drupal, Epiqo 2 Drupal, Email 2025-04-11 N/A
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified vectors.
CVE-2012-5603 3 Cloudforms Tools, Redhat, Rhel Sam 3 1, Cloudforms, 1.2 2025-04-11 N/A
proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does not properly check permissions, which allows remote authenticated users to read consumer certificates or change arbitrary users' settings via unspecified vectors related to the "consumer UUID" of a system.
CVE-2012-5951 1 Ibm 2 Tivoli Netview, Z\/os 2025-04-11 N/A
Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level.
CVE-2012-6076 1 Inkscape 1 Inkscape 2025-04-11 N/A
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts.
CVE-2012-6462 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 12.10 does not properly implement the Cross-Origin Resource Sharing (CORS) specification, which allows remote attackers to bypass intended page-content restrictions via a crafted request.
CVE-2010-2532 1 Opensuse 1 Opensuse 2025-04-11 N/A
lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments.
CVE-2010-4045 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.
CVE-2010-4043 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 10.63 does not prevent interpretation of a cross-origin document as a CSS stylesheet when the document lacks a CSS token sequence, which allows remote attackers to obtain sensitive information via a crafted document.
CVE-2010-0734 2 Curl, Redhat 2 Libcurl, Enterprise Linux 2025-04-11 N/A
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
CVE-2010-4021 1 Mit 1 Kerberos 5 2025-04-11 N/A
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 does not properly restrict the use of TGT credentials for armoring TGS requests, which might allow remote authenticated users to impersonate a client by rewriting an inner request, aka a "KrbFastReq forgery issue."
CVE-2012-6634 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.
CVE-2012-6635 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.
CVE-2013-0151 1 Xen 1 Xen 2025-04-11 N/A
The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause a denial of service (long-duration page mappings and host OS crash) by leveraging administrative access to an HVM guest in a domain with a large number of VCPUs.
CVE-2013-0246 1 Drupal 1 Drupal 2025-04-11 N/A
The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors.
CVE-2013-1286 1 Microsoft 7 Windows 7, Windows 8, Windows Server 2003 and 4 more 2025-04-11 N/A
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
CVE-2013-1287 1 Microsoft 7 Windows 7, Windows 8, Windows Server 2003 and 4 more 2025-04-11 N/A
The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
CVE-2013-0254 2 Qt, Redhat 2 Qt, Enterprise Linux 2025-04-11 N/A
The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.
CVE-2013-1214 1 Cisco 1 Unified Contact Center Express Editor Software 2025-04-11 N/A
The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546.
CVE-2004-2769 1 Cerberusftp 1 Ftp Server 2025-04-11 N/A
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.