Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9565 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4595 1 Ibm 1 Lotus Mobile Connect 2025-04-11 N/A
The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services (HTTP-AS), which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header.
CVE-2011-4434 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-11 N/A
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
CVE-2012-4572 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform 2025-04-11 N/A
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.
CVE-2012-4777 1 Microsoft 9 .net Framework, Windows 7, Windows 8 and 6 more 2025-04-11 N/A
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "WPF Reflection Optimization Vulnerability."
CVE-2011-4316 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-11 N/A
Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in certain unspecified conditions, does not lock the desktop screen between SPICE sessions, which allows local users with access to a virtual machine to gain access to other users' desktop sessions via unspecified vectors.
CVE-2010-2058 1 Prelude-technologies 1 Prewikka 2025-04-11 N/A
setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable permissions, which allows local users to obtain the SQL database password.
CVE-2012-2225 1 360zip 1 360zip 2025-04-11 N/A
360zip 1.93beta allows remote attackers to execute arbitrary code via vectors related to file browsing and file extraction.
CVE-2011-3440 1 Apple 2 Ipad2, Iphone Os 2025-04-11 N/A
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
CVE-2013-3080 1 Vmware 1 Vcenter Server Appliance 2025-04-11 N/A
VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access.
CVE-2011-3376 1 Apache 1 Tomcat 2025-04-11 N/A
org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality.
CVE-2013-4497 2 Openstack, Redhat 4 Folsom, Grizzly, Havana and 1 more 2025-04-11 N/A
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions.
CVE-2012-4573 2 Openstack, Redhat 4 Essex, Folsom, Image Registry And Delivery Service \(glance\) and 1 more 2025-04-11 N/A
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulnerability than CVE-2012-5482.
CVE-2010-4491 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 8.0.552.215 does not properly restrict privileged extensions, which allows remote attackers to cause a denial of service (memory corruption) via a crafted extension.
CVE-2014-1666 1 Xen 1 Xen 2025-04-11 N/A
The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, and 4.3.x does not properly restrict access to the (1) PHYSDEVOP_prepare_msix and (2) PHYSDEVOP_release_msix operations, which allows local PV guests to cause a denial of service (host or guest malfunction) or possibly gain privileges via unspecified vectors.
CVE-2012-2212 1 Mcafee 1 Web Gateway 2025-04-11 N/A
McAfee Web Gateway 7.0 allows remote attackers to bypass the access configuration for the CONNECT method by providing an arbitrary allowed hostname in the Host HTTP header. NOTE: this issue might not be reproducible, because the researcher did not provide configuration details for the vulnerable system, and the observed behavior might be consistent with a configuration that was (perhaps inadvertently) designed to allow access based on Host HTTP headers
CVE-2012-0798 1 Moodle 1 Moodle 2025-04-11 N/A
The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.
CVE-2013-1836 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access.
CVE-2013-2269 1 Arubanetworks 2 Clearpass, Clearpass Guest 2025-04-11 N/A
The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link.
CVE-2013-2271 1 Dlink 2 Dsl-2740b, Dsl-2740b Firmware 2025-04-11 N/A
The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi.
CVE-2012-0793 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.