Search Results (9555 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4863 2 Google, Tencent 2 Android, Qqpimsecure 2025-04-11 N/A
The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via a crafted application.
CVE-2012-0185 1 Microsoft 3 Excel, Excel Viewer, Office Compatibility Pack 2025-04-11 N/A
Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
CVE-2013-5971 1 Vmware 1 Vcenter Server 2025-04-11 N/A
Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors.
CVE-2010-2198 1 Rpm 1 Rpm 2025-04-11 N/A
lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade or deletion of the file in an RPM package removal, which might allow local users to gain privileges or bypass intended access restrictions by creating a hard link to a vulnerable file that has (1) POSIX file capabilities or (2) SELinux context information, a related issue to CVE-2010-2059.
CVE-2010-4678 1 Cisco 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 2025-04-11 N/A
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permit packets to pass before the configuration has been loaded, which might allow remote attackers to bypass intended access restrictions by sending network traffic during device startup, aka Bug ID CSCsy86769.
CVE-2010-4680 1 Cisco 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 2025-04-11 N/A
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777.
CVE-2012-3537 1 Dell 1 Crowbar 2025-04-11 N/A
The Crowbar Ohai plugin (chef/cookbooks/ohai/files/default/plugins/crowbar.rb) in the Deployer Barclamp in Crowbar, possibly 1.4 and earlier, allows local users to execute arbitrary shell commands via vectors related to "insecure handling of tmp files" and predictable file names.
CVE-2013-5972 1 Vmware 2 Player, Workstation 2025-04-11 N/A
VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.
CVE-2010-3197 1 Ibm 1 Db2 2025-04-11 N/A
IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2013-5973 1 Vmware 2 Esx, Esxi 2025-04-11 N/A
VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.
CVE-2013-5975 1 F5 1 Big-ip Access Policy Manager 2025-04-11 N/A
The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2012-3241 1 Eucalyptus 1 Eucalyptus 2025-04-11 N/A
The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands.
CVE-2012-4452 2 Oracle, Redhat 2 Mysql, Enterprise Linux 2025-04-11 N/A
MySQL 5.0.88, and possibly other versions and platforms, allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of a CVE-2009-4030 regression, which was not omitted in other packages and versions such as MySQL 5.0.95 in Red Hat Enterprise Linux 6.
CVE-2010-4582 1 Opera 1 Opera Browser 2025-04-11 N/A
Opera before 11.00 does not properly handle security policies during updates to extensions, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2011-3440 1 Apple 2 Ipad2, Iphone Os 2025-04-11 N/A
The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation.
CVE-2010-5089 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
SilverStripe before 2.4.2 does not properly restrict access to pages in draft mode, which allows remote attackers to obtain sensitive information.
CVE-2010-5094 1 Silverstripe 1 Silverstripe 2025-04-11 N/A
The deleteinstallfiles function in control/ContentController.php in SilverStripe 2.3.x before 2.3.7 does not require ADMIN permissions, which allows remote attackers to delete index.php and "disrupt mod_rewrite-less URL routing."
CVE-2010-5141 1 Bitcoin 2 Bitcoin Core, Wxbitcoin 2025-04-11 N/A
wxBitcoin and bitcoind before 0.3.5 do not properly handle script opcodes in Bitcoin transactions, which allows remote attackers to spend bitcoins owned by other users via unspecified vectors.
CVE-2013-6026 3 Alphanetworks, Dlink, Planex 13 Vdsl Asl-55052, Vdsl Asl-56552, Di-524up and 10 more 2025-04-11 N/A
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.
CVE-2010-5142 1 Opscode 1 Chef 2025-04-11 N/A
chef-server-api/app/controllers/users.rb in the API in Chef before 0.9.0 does not require administrative privileges for the create, destroy, and update methods, which allows remote authenticated users to manage user accounts via requests to the /users URI.