Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2742 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2012-01-24 | 6.8 MEDIUM | N/A |
| EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device. | |||||
| CVE-2011-2741 | 1 Emc | 1 Rsa Adaptive Authentication On-premise | 2012-01-24 | 6.8 MEDIUM | N/A |
| EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements." | |||||
| CVE-2011-2768 | 1 Tor | 1 Tor | 2012-01-19 | 5.8 MEDIUM | N/A |
| Tor before 0.2.2.34, when configured as a client or bridge, sends a TLS certificate chain as part of an outgoing OR connection, which allows remote relays to bypass intended anonymity properties by reading this chain and then determining the set of entry guards that the client or bridge had selected. | |||||
| CVE-2011-3226 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 6.8 MEDIUM | N/A |
| Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 server is used with RFC 2307 or custom mappings, allows remote attackers to bypass the password requirement by leveraging lack of an AuthenticationAuthority attribute for a user account. | |||||
| CVE-2011-3225 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 5.0 MEDIUM | N/A |
| The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 does not prevent all guest users from accessing the share point record of a guest-restricted folder, which allows remote attackers to bypass intended browsing restrictions by leveraging access to the nobody account. | |||||
| CVE-2011-3216 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 2.1 LOW | N/A |
| The kernel in Apple Mac OS X before 10.7.2 does not properly implement the sticky bit for directories, which might allow local users to bypass intended permissions and delete files via an unlink system call. | |||||
| CVE-2011-3215 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 2.1 LOW | N/A |
| The kernel in Apple Mac OS X before 10.7.2 does not properly prevent FireWire DMA in the absence of a login, which allows physically proximate attackers to bypass intended access restrictions and discover a password by making a DMA request in the (1) loginwindow, (2) boot, or (3) shutdown state. | |||||
| CVE-2011-3214 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 4.6 MEDIUM | N/A |
| IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a locked-screen state in display sleep mode for an Apple Cinema Display, which allows physically proximate attackers to bypass the password requirement via unspecified vectors. | |||||
| CVE-2011-3213 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 7.6 HIGH | N/A |
| The File Systems component in Apple Mac OS X before 10.7.2 does not properly track the specific X.509 certificate that a user manually accepted for an initial https WebDAV connection, which allows man-in-the-middle attackers to hijack WebDAV communication by presenting an arbitrary certificate for a subsequent connection. | |||||
| CVE-2011-0260 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2012-01-14 | 4.6 MEDIUM | N/A |
| The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does not prevent a system window from receiving keystrokes in the locked-screen state, which might allow physically proximate attackers to bypass intended access restrictions by typing into this window. | |||||
| CVE-2011-3337 | 4 Eeye, Hp, Sgi and 1 more | 5 Digital Security Audits, Retina Network Security Scanner, Hp-ux and 2 more | 2012-01-04 | 6.9 MEDIUM | N/A |
| eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Security Scanner on HP-UX, IRIX, and Solaris allows local users to gain privileges via a Trojan horse gauntlet program in an arbitrary directory under /usr/local/. | |||||
| CVE-2011-4356 | 1 Celeryproject | 1 Celery | 2012-01-03 | 6.9 MEDIUM | N/A |
| Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local users to gain privileges via vectors involving crafted code that is executed by the worker process. | |||||
| CVE-2011-4861 | 1 Schneider-electric | 3 Quantum Ethernet Module 140noe77100, Quantum Ethernet Module 140noe77101, Quantum Ethernet Module 140noe77111 | 2011-12-21 | 10.0 HIGH | N/A |
| The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502. | |||||
| CVE-2011-4606 | 1 Artsoft | 1 Rocks\'n\'diamonds | 2011-12-15 | 3.6 LOW | N/A |
| Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory. | |||||
| CVE-2011-4202 | 1 Restorepoint | 1 Restorepoint | 2011-12-13 | 7.2 HIGH | N/A |
| The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions (www write access) for unspecified scripts, which allows local users to gain privileges by modifying a script file. | |||||
| CVE-2011-4435 | 1 Ibm | 1 Db2 Tools For Z\/os | 2011-12-13 | 5.0 MEDIUM | N/A |
| The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests. | |||||
| CVE-2011-1602 | 1 Cisco | 15 Skinny Client Control Protocol Software, Unified Ip Phone 7906, Unified Ip Phone 7911g and 12 more | 2011-11-22 | 6.6 MEDIUM | N/A |
| The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426. | |||||
| CVE-2008-7303 | 1 Apple | 1 Mac Os X | 2011-11-21 | 7.6 HIGH | N/A |
| The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do not propagate restrictions to all created processes, which allows remote attackers to access network resources via a crafted application, as demonstrated by use of launchctl to trigger the launchd daemon's execution of a script file, a related issue to CVE-2011-1516. | |||||
| CVE-2011-3993 | 1 Skyarc | 5 Autotagging, Duplicateentry, Mailpack and 2 more | 2011-11-16 | 5.5 MEDIUM | N/A |
| SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, DuplicateEntry 1.2 and earlier, MailPack 1.741 and earlier, and AutoTagging 0.08 and earlier plugins for Movable Type, uses weak permissions, which allows remote authenticated users to modify files and settings via unspecified vectors. | |||||
| CVE-2011-3440 | 1 Apple | 2 Ipad2, Iphone Os | 2011-11-15 | 1.2 LOW | N/A |
| The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does not properly implement the locked state, which allows physically proximate attackers to access data by opening a Smart Cover during power-off confirmation. | |||||