Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2506 | 1 Spreecommerce | 1 Spree | 2013-03-17 | 4.0 MEDIUM | N/A |
| app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves. | |||||
| CVE-2012-6118 | 1 Redhat | 1 Aeolus Conductor | 2013-03-17 | 5.5 MEDIUM | N/A |
| The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting. | |||||
| CVE-2013-2373 | 1 Tibco | 1 Spotfire Web Player | 2013-03-17 | 6.4 MEDIUM | N/A |
| The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2012-6076 | 1 Inkscape | 1 Inkscape | 2013-03-17 | 4.4 MEDIUM | N/A |
| Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts. | |||||
| CVE-2013-0706 | 1 Nec | 1 Universal Raid Utility | 2013-03-07 | 9.0 HIGH | N/A |
| NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors. | |||||
| CVE-2012-4450 | 1 Fedoraproject | 1 389 Directory Server | 2013-03-07 | 6.0 MEDIUM | N/A |
| 389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restrictions and access the DN entry. | |||||
| CVE-2013-1048 | 1 Debian | 1 Apache2 | 2013-03-06 | 4.6 MEDIUM | N/A |
| The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack. | |||||
| CVE-2012-5302 | 1 Tibco | 1 Formvine | 2013-03-01 | 7.5 HIGH | N/A |
| The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2012-4734 | 1 Bestpractical | 1 Rt | 2013-03-01 | 5.0 MEDIUM | N/A |
| Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "modify arbitrary state" via unknown vectors related to a crafted link. | |||||
| CVE-2012-4491 | 2 Drupal, Earl Dunovant | 2 Drupal, Monthly Archive By Node Type | 2013-03-01 | 5.8 MEDIUM | N/A |
| The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vectors. | |||||
| CVE-2012-4495 | 2 Drupal, Mime Mail Module Project | 2 Drupal, Mimemail | 2013-03-01 | 4.0 MEDIUM | N/A |
| The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary files as attachments. | |||||
| CVE-2012-4500 | 2 Drupal, Nancy Wichmann | 2 Drupal, Announcements | 2013-03-01 | 3.5 LOW | N/A |
| The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unspecified impact. | |||||
| CVE-2012-4016 | 2 Google, Justsystems | 2 Android, Atok | 2013-03-01 | 4.3 MEDIUM | N/A |
| The ATOK application before 1.0.4 for Android allows remote attackers to read the learning information file, and obtain sensitive input-string information, via a crafted application. | |||||
| CVE-2012-3478 | 1 Pizzashack | 1 Rssh | 2013-03-01 | 2.1 LOW | N/A |
| rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. | |||||
| CVE-2012-4020 | 1 Mosp | 1 Kintai Kanri | 2013-03-01 | 4.0 MEDIUM | N/A |
| MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors. | |||||
| CVE-2012-2994 | 1 Cososys | 1 Endpoint Protector Appliace 4 | 2013-03-01 | 7.5 HIGH | N/A |
| The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
| CVE-2012-1833 | 1 Springsource | 1 Grails | 2013-03-01 | 5.0 MEDIUM | N/A |
| VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does not properly restrict data binding, which might allow remote attackers to bypass intended access restrictions and modify arbitrary object properties via a crafted request parameter to an application. | |||||
| CVE-2011-2709 | 1 Umich | 2 Libgssapi, Libgssglue | 2013-03-01 | 6.2 MEDIUM | N/A |
| libgssapi and libgssglue before 0.4 do not properly check privileges, which allows local users to load untrusted configuration files and execute arbitrary code via the GSSAPI_MECH_CONF environment variable, as demonstrated using mount.nfs. | |||||
| CVE-2013-1139 | 1 Cisco | 1 Cloud Portal | 2013-02-26 | 4.0 MEDIUM | N/A |
| The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCud81134. | |||||
| CVE-2012-5586 | 2 Drupal, Marc Ingram | 2 Drupal, Services | 2013-02-25 | 2.1 LOW | N/A |
| The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the path to the user resource." | |||||