Export limit exceeded: 364527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9556 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4459 1 Bestpractical 1 Rt 2025-04-11 N/A
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership.
CVE-2010-2756 1 Mozilla 1 Bugzilla 2025-04-11 N/A
Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 allows remote attackers to determine the group memberships of arbitrary users via vectors involving the Search interface, boolean charts, and group-based pronouns.
CVE-2010-2762 2 Mozilla, Redhat 3 Firefox, Thunderbird, Enterprise Linux 2025-04-11 N/A
The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object.
CVE-2011-4509 1 Siemens 5 Simatic Hmi Panels, Wincc, Wincc Flexible and 2 more 2025-04-11 N/A
The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime has an improperly selected default password for the administrator account, which makes it easier for remote attackers to obtain access via a brute-force approach involving many HTTP requests.
CVE-2011-4608 1 Redhat 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Enterprise Web Server 2025-04-11 N/A
mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints.
CVE-2012-3174 2 Oracle, Redhat 4 Jdk, Jre, Enterprise Linux and 1 more 2025-04-11 N/A
Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114.
CVE-2011-4700 2 Android, Ubermedia 2 Android, Ubersocial 2025-04-11 N/A
The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted application.
CVE-2011-4702 2 Android, Nimbuzz 2 Android, Nimbuzz 2025-04-11 N/A
The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application.
CVE-2011-4703 2 Android, Nathanielkh 2 Android, Limit My Call 2025-04-11 N/A
The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application.
CVE-2000-1245 1 Novell 2 Netware, Netware Ftp Server 2025-04-11 N/A
Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 allow remote attackers to bypass intended restrictions on anonymous access via unknown vectors.
CVE-2011-4704 2 Android, Voxofon 2 Android, Voxofon 2025-04-11 N/A
The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application.
CVE-2003-1575 2 Sun, Symantec 2 Solaris, Vxfs 2025-04-11 N/A
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem.
CVE-2008-7283 1 Otrs 1 Otrs 2025-04-11 N/A
Open Ticket Request System (OTRS) before 2.2.6, when customer group support is enabled, allows remote authenticated users to bypass intended access restrictions and perform web-interface updates to tickets by leveraging queue read permissions.
CVE-2013-0346 1 Apache 1 Tomcat 2025-04-11 N/A
Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
CVE-2013-0348 5 Acme, Fedoraproject, Gentoo and 2 more 5 Thttpd, Fedora, Linux and 2 more 2025-04-11 N/A
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
CVE-2013-0337 1 F5 1 Nginx 2025-04-11 N/A
The default configuration of nginx, possibly 1.3.13 and earlier, uses world-readable permissions for the (1) access.log and (2) error.log files, which allows local users to obtain sensitive information by reading the files.
CVE-2013-0315 1 Redhat 1 Jboss Enterprise Portal Platform 2025-04-11 N/A
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack.
CVE-2013-0287 2 Fedoraproject, Redhat 2 Sssd, Enterprise Linux 2025-04-11 N/A
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
CVE-2013-0257 2 David Alkire, Drupal 2 Email2image, Drupal 2025-04-11 N/A
The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields.
CVE-2014-0028 1 Redhat 1 Libvirt 2025-04-11 N/A
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a request to the (1) virConnectDomainEventRegister and (2) virConnectDomainEventRegisterAny functions in the event registration API.