Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4679 | 1 Apple | 1 Mac Os X | 2018-10-26 | 2.6 LOW | N/A |
| CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows remote FTP servers to force clients to connect to other hosts via crafted responses to FTP PASV commands. | |||||
| CVE-2007-3997 | 1 Php | 1 Php | 2018-10-26 | 7.5 HIGH | N/A |
| The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE. | |||||
| CVE-2016-8649 | 1 Linuxcontainers | 1 Lxc | 2018-10-26 | 9.0 HIGH | 9.1 CRITICAL |
| lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker inside of an unprivileged container to use an inherited file descriptor, of the host's /proc, to access the rest of the host's filesystem via the openat() family of syscalls. | |||||
| CVE-2014-4167 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2018-10-22 | 3.5 LOW | N/A |
| The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (IPv4 address attachment outage) by attaching an IPv6 private subnet to a L3 router. | |||||
| CVE-2016-10151 | 1 Hesiod Project | 1 Hesiod | 2018-10-21 | 6.9 MEDIUM | 7.0 HIGH |
| The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary. | |||||
| CVE-2016-10152 | 1 Hesiod Project | 1 Hesiod | 2018-10-21 | 10.0 HIGH | 9.8 CRITICAL |
| The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. | |||||
| CVE-2007-2138 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2018-10-19 | 6.0 MEDIUM | N/A |
| Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings." | |||||
| CVE-2014-6414 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2018-10-19 | 4.0 MEDIUM | N/A |
| OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | |||||
| CVE-2013-6433 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2018-10-19 | 7.6 HIGH | N/A |
| The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file. | |||||
| CVE-2006-0527 | 1 Isc | 1 Bind | 2018-10-19 | 7.5 HIGH | N/A |
| BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, allows remote attackers to gain privileged access via a "Kashpureff-style DNS cache corruption" attack. | |||||
| CVE-2006-0525 | 1 Adobe | 9 Acrobat, Acrobat Reader, Creative Suite and 6 more | 2018-10-19 | 4.6 MEDIUM | N/A |
| Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. | |||||
| CVE-2006-0553 | 1 Postgresql | 1 Postgresql | 2018-10-19 | 6.5 MEDIUM | N/A |
| PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678. | |||||
| CVE-2006-0023 | 1 Microsoft | 1 Windows Xp | 2018-10-19 | 4.3 MEDIUM | N/A |
| Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. | |||||
| CVE-2005-3273 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 5.0 MEDIUM | N/A |
| The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats. | |||||
| CVE-2005-3058 | 1 Fortinet | 2 Fortigate, Fortios | 2018-10-19 | 7.5 HIGH | N/A |
| Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616. | |||||
| CVE-2005-2929 | 1 University Of Kansas | 1 Lynx | 2018-10-19 | 7.5 HIGH | N/A |
| Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments. | |||||
| CVE-2005-2555 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2018-10-19 | 4.6 MEDIUM | N/A |
| Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. | |||||
| CVE-2005-2492 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2018-10-19 | 3.6 LOW | N/A |
| The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. | |||||
| CVE-2005-2454 | 1 Ibm | 1 Lotus Notes | 2018-10-19 | 4.6 MEDIUM | N/A |
| IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder. | |||||
| CVE-2005-1425 | 1 Uapplication | 1 Uguestbook | 2018-10-19 | 5.0 MEDIUM | N/A |
| Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb. | |||||