Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5337 | 2 Wordpress Mobile Pack Project, Wpmobilepack | 2 Wordpress Mobile Pack, Wordpress Mobile Pack | 2018-11-19 | 5.0 MEDIUM | N/A |
| The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php. | |||||
| CVE-2010-0650 | 3 Apple, Canonical, Google | 3 Safari, Ubuntu Linux, Chrome | 2018-11-16 | 2.6 LOW | N/A |
| WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, allows remote attackers to bypass intended restrictions on popup windows via crafted use of a mouse click event. | |||||
| CVE-2009-3725 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2018-11-16 | 7.2 HIGH | N/A |
| The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems. | |||||
| CVE-2013-7048 | 1 Openstack | 1 Nova | 2018-11-16 | 3.3 LOW | N/A |
| OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots. | |||||
| CVE-2013-4428 | 2 Canonical, Openstack | 2 Ubuntu Linux, Glance | 2018-11-15 | 3.5 LOW | N/A |
| OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly before 2013.1.4, and Havana before 2013.2, when the download_image policy is configured, does not properly restrict access to cached images, which allows remote authenticated users to read otherwise restricted images via an image UUID. | |||||
| CVE-2009-0899 | 1 Ibm | 3 Integrated Solutions Console, Websphere Application Server, Websphere Portal | 2018-11-08 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 through 7.0.0.4, IBM WebSphere Portal Server 5.1 through 6.0, and IBM Integrated Solutions Console (ISC) 6.0.1 do not properly set the IsSecurityEnabled security flag during migration of WebSphere Member Manager (WMM) to Virtual Member Manager (VMM) and a Federated Repository, which allows attackers to obtain sensitive information from repositories via unspecified vectors. | |||||
| CVE-2008-6125 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2018-11-08 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2008-5506 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-08 | 6.8 MEDIUM | N/A |
| Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure." | |||||
| CVE-2008-5512 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-02 | 6.8 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers." | |||||
| CVE-2008-4915 | 1 Vmware | 6 Ace, Esx, Esxi and 3 more | 2018-11-02 | 6.9 MEDIUM | N/A |
| The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and 5.5.8 and earlier; Player 2.0.x through 2.0.5 and 1.0.x through 1.0.8; ACE 2.0.x through 2.0.5 and earlier, and 1.0.x through 1.0.7; Server 1.0.x through 1.0.7; ESX 2.5.4 through 3.5; and ESXi 3.5, when running 32-bit and 64-bit guest operating systems, does not properly handle the Trap flag, which allows authenticated guest OS users to gain privileges on the guest OS. | |||||
| CVE-2008-4792 | 1 Drupal | 1 Drupal | 2018-11-02 | 6.0 MEDIUM | N/A |
| The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 does not properly validate unspecified content fields of an internal Drupal form, which allows remote authenticated users to bypass intended access restrictions via modified field values. | |||||
| CVE-2008-4791 | 1 Drupal | 1 Drupal | 2018-11-02 | 6.0 MEDIUM | N/A |
| The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might allow remote authenticated users to bypass intended login access rules and successfully login via unknown vectors. | |||||
| CVE-2008-4279 | 1 Vmware | 4 Esx, Player, Server and 1 more | 2018-11-02 | 6.8 MEDIUM | N/A |
| The CPU hardware emulation for 64-bit guest operating systems in VMware Workstation 6.0.x before 6.0.5 build 109488 and 5.x before 5.5.8 build 108000; Player 2.0.x before 2.0.5 build 109488 and 1.x before 1.0.8; Server 1.x before 1.0.7 build 108231; and ESX 2.5.4 through 3.5 allows authenticated guest OS users to gain additional guest OS privileges by triggering an exception that causes the virtual CPU to perform an indirect jump to a non-canonical address. | |||||
| CVE-2008-1363 | 2 Microsoft, Vmware | 5 Windows, Ace, Player and 2 more | 2018-11-01 | 7.2 HIGH | N/A |
| VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process." | |||||
| CVE-2008-4058 | 3 Canonical, Debian, Mozilla | 5 Ubuntu Linux, Debian Linux, Firefox and 2 more | 2018-11-01 | 7.5 HIGH | N/A |
| The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS. | |||||
| CVE-2016-9345 | 1 Emerson | 1 Deltav | 2018-11-01 | 4.9 MEDIUM | 6.8 MEDIUM |
| An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. | |||||
| CVE-2008-1515 | 1 Otrs | 1 Otrs | 2018-10-31 | 6.4 MEDIUM | N/A |
| The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks." | |||||
| CVE-2008-1998 | 2 Ibm, Microsoft | 2 Db2, Windows | 2018-10-31 | 8.5 HIGH | N/A |
| The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter. | |||||
| CVE-2008-3698 | 1 Vmware | 4 Ace, Player, Server and 1 more | 2018-10-31 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors. | |||||
| CVE-2015-7809 | 1 Symfony | 1 Twig | 2018-10-30 | 6.8 MEDIUM | N/A |
| The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. | |||||