Search Results (347 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4586 1 Opera 1 Opera Browser 2025-04-11 N/A
The default configuration of Opera before 11.00 enables WebSockets functionality, which has unspecified impact and remote attack vectors, possibly a related issue to CVE-2010-4508.
CVE-2011-1089 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2025-04-11 N/A
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
CVE-2011-2077 1 Inventivetec 1 Mediacast 2025-04-11 N/A
The default configuration of the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier enables external TCP connections to port 10000, instead of connections only from 127.0.0.1, which makes it easier for remote attackers to have an unspecified impact via a TCP session.
CVE-2012-3392 1 Moodle 1 Moodle 2025-04-11 N/A
mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.
CVE-2012-3413 1 Kde 1 Kde Pim 2025-04-11 N/A
The HTMLQuoteColorer::process function in messageviewer/htmlquotecolorer.cpp in KDE PIM 4.6 through 4.8 does not disable JavaScript, Java, and Plugins, which allows remote attackers to inject arbitrary web script or HTML via a crafted email.
CVE-2012-3496 2 Citrix, Xen 2 Xenserver, Xen 2025-04-11 N/A
XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when translating paging mode is not used, allows local PV OS guest kernels to cause a denial of service (BUG triggered and host crash) via invalid flags such as MEMF_populate_on_demand.
CVE-2012-4537 2 Redhat, Xen 2 Enterprise Linux, Xen 2025-04-11 N/A
Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka "Memory mapping failure DoS vulnerability."
CVE-2013-1451 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.
CVE-2010-1972 1 Hp 1 Client Automation Enterprise Infrastructure 2025-04-11 N/A
The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests.
CVE-2011-1400 2 Canonical, Debian 3 Ubuntu Linux, Debian Linux, Tex-common 2025-04-11 N/A
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.
CVE-2010-3315 2 Apache, Redhat 2 Subversion, Enterprise Linux 2025-04-11 N/A
authz.c in the mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz short_circuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass intended access restrictions via svn commands.
CVE-2008-7253 1 Ibm 1 Lotus Domino Server 2025-04-11 N/A
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
CVE-2011-0189 1 Apple 3 Mac Os X, Mac Os X Server, Terminal 2025-04-11 N/A
The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities.
CVE-2010-0058 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 N/A
freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system.
CVE-2011-1499 2 Banu, Debian 2 Tinyproxy, Debian Linux 2025-04-11 N/A
acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
CVE-2011-0638 1 Microsoft 1 Windows 2025-04-11 N/A
Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
CVE-2011-1424 3 Emc, Ibm, Microsoft 4 Sourceone Email Management, Lotus Domino, Lotus Notes and 1 more 2025-04-11 N/A
The default configuration of ExShortcut\Web.config in EMC SourceOne Email Management before 6.6 SP1, when the Mobile Services component is used, does not properly set the localOnly attribute of the trace element, which allows remote authenticated users to obtain sensitive information via ASP.NET Application Tracing.
CVE-2013-0470 1 Ibm 1 Netezza Performance Portal 2025-04-11 N/A
HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files.
CVE-2013-1450 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.
CVE-2011-4499 2 Cisco, Linksys 4 Linksys Wrt54g Router Firmware, Linksys Wrt54gs Router Firmware, Wrt54g and 1 more 2025-04-11 N/A
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.