Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0479 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-29 | 4.0 MEDIUM | N/A |
| IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not properly restrict file types and extensions, which allows remote authenticated users to bypass intended access restrictions via a crafted filename. | |||||
| CVE-2013-0467 | 1 Ibm | 1 Data Studio | 2017-08-29 | 4.0 MEDIUM | N/A |
| IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL. | |||||
| CVE-2013-0454 | 3 Canonical, Ibm, Samba | 3 Ubuntu Linux, Storwize, Samba | 2017-08-29 | 4.0 MEDIUM | N/A |
| The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS share attributes, which allows remote authenticated users to (1) write to a read-only share; (2) trigger data-integrity problems related to the oplock, locking, coherency, or leases attribute; or (3) have an unspecified impact by leveraging incorrect handling of the browseable or "hide unreadable" parameter. | |||||
| CVE-2013-0245 | 1 Drupal | 1 Drupal | 2017-08-29 | 2.1 LOW | N/A |
| The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to node that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles and possibly node content via unspecified vectors. | |||||
| CVE-2013-0208 | 2 Canonical, Openstack | 3 Ubuntu Linux, Essex, Folsom | 2017-08-29 | 6.5 MEDIUM | N/A |
| The boot-from-volume feature in OpenStack Compute (Nova) Folsom and Essex, when using nova-volumes, allows remote authenticated users to boot from other users' volumes via a volume id in the block_device_mapping parameter. | |||||
| CVE-2013-0199 | 1 Redhat | 1 Freeipa | 2017-08-29 | 5.0 MEDIUM | N/A |
| The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors. | |||||
| CVE-2013-0168 | 1 Redhat | 1 Enterprise Virtualization Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service (free space consumption of other storage domains) via unspecified vectors. | |||||
| CVE-2013-0127 | 1 Ibm | 1 Lotus Notes | 2017-08-29 | 5.8 MEDIUM | N/A |
| IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and JMOY95BN49. | |||||
| CVE-2012-6563 | 1 Elgg | 1 Elgg | 2017-08-29 | 4.3 MEDIUM | N/A |
| engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors. | |||||
| CVE-2012-6562 | 1 Elgg | 1 Elgg | 2017-08-29 | 6.8 MEDIUM | N/A |
| engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts. | |||||
| CVE-2012-6359 | 1 Ibm | 2 Tivoli Federated Identity Manager, Tivoli Federated Identity Manager Business Gateway | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes. | |||||
| CVE-2012-6357 | 1 Ibm | 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk | 2017-08-29 | 6.5 MEDIUM | N/A |
| IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors. | |||||
| CVE-2012-6356 | 1 Ibm | 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk | 2017-08-29 | 6.5 MEDIUM | N/A |
| IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to an import operation. | |||||
| CVE-2012-6355 | 1 Ibm | 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 4 more | 2017-08-29 | 6.5 MEDIUM | N/A |
| IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management Database (CCMDB) 7.1 and 7.2, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges via vectors related to a work order. | |||||
| CVE-2012-6110 | 1 Bcron Project | 1 Bcron Exec | 2017-08-29 | 2.1 LOW | N/A |
| bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor. | |||||
| CVE-2012-6036 | 1 Xen | 1 Xen | 2017-08-29 | 4.4 MEDIUM | N/A |
| The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) tmemc_restore_flush_page functions in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 do not check for negative id pools, which allows local guest OS users to cause a denial of service (memory corruption and host crash) or possibly execute arbitrary code via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | |||||
| CVE-2012-6033 | 1 Xen | 1 Xen | 2017-08-29 | 4.4 MEDIUM | N/A |
| The do_tmem_control function in the Transcendent Memory (TMEM) in Xen 4.0, 4.1, and 4.2 does not properly check privileges, which allows local guest OS users to access control stack operations via unspecified vectors. NOTE: this issue was originally published as part of CVE-2012-3497, which was too general; CVE-2012-3497 has been SPLIT into this ID and others. | |||||
| CVE-2012-5951 | 1 Ibm | 2 Tivoli Netview, Z\/os | 2017-08-29 | 7.2 HIGH | N/A |
| Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, and 6.1 on z/OS allows local users to gain privileges by leveraging access to the normal Unix System Services (USS) security level. | |||||
| CVE-2012-5938 | 3 Conectiva, Ibm, Novell | 3 Linux, Infosphere Information Server, Unixware | 2017-08-29 | 7.2 HIGH | N/A |
| The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. | |||||
| CVE-2012-5901 | 1 Dflabs | 1 Ptk | 2017-08-29 | 5.0 MEDIUM | N/A |
| DFLabs PTK 1.0.5 stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read logs, images, or reports via a direct request to the file in the (1) log, (2) images, or (3) report directory. | |||||