Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-1709 | 1 Gnome | 2 Gdm, Glib | 2011-09-07 | 7.2 HIGH | N/A |
| GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, enables execution of a web browser with the uid of the gdm account, which allows local users to gain privileges via vectors involving the x-scheme-handler/http MIME type. | |||||
| CVE-2011-1738 | 1 Hp | 1 Palm Webos | 2011-09-07 | 7.2 HIGH | N/A |
| HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in Development Kit (PDK) applications, which allows local users to gain privileges by leveraging unintended filesystem write access. | |||||
| CVE-2011-1022 | 1 Balbir Singh | 1 Libcgroup | 2011-09-07 | 2.1 LOW | N/A |
| The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message. | |||||
| CVE-2010-3707 | 1 Dovecot | 1 Dovecot | 2011-08-27 | 5.5 MEDIUM | N/A |
| plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox. | |||||
| CVE-2010-1386 | 1 Apple | 1 Webkit | 2011-08-23 | 10.0 HIGH | N/A |
| page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. | |||||
| CVE-2010-1326 | 1 March-hare | 2 Cvs Suite, Cvsnt | 2011-08-12 | 9.3 HIGH | N/A |
| perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 before build 3736, 2.5.04 before build 2862; CVS Suite 2.5.03, 2008 before build 3736, and 2009 before 3729 allows remote attackers to bypass the permissions check, modify arbitrary modules and directories within CVSROOT, and execute arbitrary code via a crafted branch name ACL, possibly related to incorrect inheritance. | |||||
| CVE-2010-0184 | 1 Tibco | 1 Runtime Agent | 2011-08-08 | 7.2 HIGH | N/A |
| The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors. | |||||
| CVE-2010-0318 | 1 Freebsd | 1 Freebsd | 2011-08-08 | 6.9 MEDIUM | N/A |
| The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, and 8.0, when creating files during replay of a setattr transaction, uses 7777 permissions instead of the original permissions, which might allow local users to read or modify unauthorized files in opportunistic circumstances after a system crash or power failure. | |||||
| CVE-2007-6350 | 1 Scponly | 1 Scponly | 2011-08-08 | 8.5 HIGH | N/A |
| scponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute code by invoking dangerous subcommands including (1) unison, (2) rsync, (3) svn, and (4) svnserve, as originally demonstrated by creating a Subversion (SVN) repository with malicious hooks, then using svn to trigger execution of those hooks. | |||||
| CVE-2011-0227 | 1 Apple | 1 Iphone Os | 2011-07-26 | 7.2 HIGH | N/A |
| The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. | |||||
| CVE-2011-0219 | 2 Apple, Microsoft | 7 Mac Os X, Mac Os X Server, Safari and 4 more | 2011-07-22 | 5.8 MEDIUM | N/A |
| Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts. | |||||
| CVE-2010-3260 | 1 Orbeon | 1 Forms | 2011-07-19 | 6.4 MEDIUM | N/A |
| oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an "XML injection" issue. | |||||
| CVE-2011-0729 | 1 Ubuntu | 1 Language-selector | 2011-07-14 | 7.2 HIGH | N/A |
| dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector before 0.6.7 does not restrict access on the basis of a PolicyKit check result, which allows local users to modify the /etc/default/locale and /etc/environment files via a (1) SetSystemDefaultLangEnv or (2) SetSystemDefaultLanguageEnv call. | |||||
| CVE-2007-1461 | 1 Php | 1 Php | 2011-07-13 | 7.8 HIGH | N/A |
| The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories. | |||||
| CVE-2011-2600 | 1 Microsoft | 1 Windows Xp | 2011-07-12 | 7.1 HIGH | N/A |
| The GPU support functionality in Windows XP does not properly restrict rendering time, which allows remote attackers to cause a denial of service (system crash) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK. | |||||
| CVE-2011-2601 | 1 Apple | 1 Mac Os X | 2011-07-12 | 7.1 HIGH | N/A |
| The GPU support functionality in Mac OS X does not properly restrict rendering time, which allows remote attackers to cause a denial of service (desktop hang) via vectors involving WebGL and (1) shader programs or (2) complex 3D geometry, as demonstrated by using Mozilla Firefox or Google Chrome to visit the lots-of-polys-example.html test page in the Khronos WebGL SDK. | |||||
| CVE-2011-1127 | 1 Simplemachines | 1 Smf | 2011-06-29 | 10.0 HIGH | N/A |
| SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors. | |||||
| CVE-2011-1056 | 2 Metasploit, Microsoft | 2 Metasploit Framework, Windows | 2011-06-20 | 6.2 MEDIUM | N/A |
| The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse. | |||||
| CVE-2009-0171 | 1 Sun | 1 Sparc Enterprise Server | 2011-06-13 | 10.0 HIGH | N/A |
| The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System Control Facility Unit (aka XSCFU or Service Processor), and have unspecified other impact. | |||||
| CVE-2010-4806 | 1 Ibm | 1 Web Content Manager | 2011-05-26 | 4.0 MEDIUM | N/A |
| The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges. | |||||