Last 20 Scored Vulnerability IDs & Summaries
CVSS Severity
-
CVE-2012-4213 —
Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory cor... read CVE-2012-4213
Published: November 21, 2012; 07:55:02 AM -05:00
-
CVE-2012-4208 —
The XrayWrapper implementation in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 does not consider the compartment during property filtering, which allows remote attackers to bypass intended chrome-only restrictions o... read CVE-2012-4208
Published: November 21, 2012; 07:55:02 AM -05:00
-
CVE-2011-1044 —
The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c in the Linux kernel before 2.6.37 does not initialize a certain response buffer, which allows local users to obtain potentially sensitive information from kernel memory via vector... read CVE-2011-1044
Published: February 18, 2011; 03:00:09 PM -05:00
-
CVE-2010-4668 —
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: th... read CVE-2010-4668
Published: January 03, 2011; 03:00:43 PM -05:00
-
CVE-2010-4346 —
The install_special_mapping function in mm/mmap.c in the Linux kernel before 2.6.37-rc6 does not make an expected security_file_mmap function call, which allows local users to bypass intended mmap_min_addr restrictions and possibly conduct NULL point... read CVE-2010-4346
Published: December 22, 2010; 04:00:19 PM -05:00
-
CVE-2010-4080 —
The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the Linux kernel before 2.6.36-rc6 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via an SNDRV_HD... read CVE-2010-4080
Published: November 30, 2010; 05:14:00 PM -05:00
-
CVE-2007-6206 —
The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x up to 2.6.24-rc3, and possibly other versions, does not change the UID of a core dump file if it exists before a root process creates a core dump in the same location, which might... read CVE-2007-6206
Published: December 03, 2007; 07:46:00 PM -05:00
-
CVE-2020-9079 —
FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product.
Published: August 10, 2020; 10:15:12 PM -04:00
-
CVE-2020-17368 —
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
Published: August 11, 2020; 12:15:12 PM -04:00
-
CVE-2020-17367 —
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.
Published: August 11, 2020; 12:15:12 PM -04:00
-
CVE-2020-14325 —
Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGrou... read CVE-2020-14325
Published: August 11, 2020; 09:15:12 AM -04:00
-
CVE-2020-14296 —
Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request Forgery (SSRF) flaw. With the access to add Ansible Tower provider, an attacker could scan and attack systems from the internal network which are not normally accessible.
Published: August 11, 2020; 10:15:11 AM -04:00
-
CVE-2020-10783 —
Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with EVM-Operator group can perform actions restricted only to EVM-Super-administrator group, leads to, exporting or importing administrator files.
Published: August 11, 2020; 09:15:12 AM -04:00
-
CVE-2020-10779 —
Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level access control bypass due to missing privilege check. Therefore, if an attacker knows the right criteria, it is possible to access some sensitive data... read CVE-2020-10779
Published: August 11, 2020; 09:15:12 AM -04:00
-
CVE-2012-3988 —
Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 might allow user-assisted remote attackers to execute arbitrary code v... read CVE-2012-3988
Published: October 10, 2012; 01:55:01 PM -04:00
-
CVE-2010-4079 —
The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the Linux kernel before 2.6.36-rc8 does not properly initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memor... read CVE-2010-4079
Published: November 29, 2010; 11:00:03 AM -05:00
-
CVE-2020-10778 —
In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior.
Published: August 11, 2020; 09:15:12 AM -04:00
-
CVE-2010-4165 —
The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel before 2.6.37-rc2 does not properly restrict TCP_MAXSEG (aka MSS) values, which allows local users to cause a denial of service (OOPS) via a setsockopt call that specifies a small v... read CVE-2010-4165
Published: November 22, 2010; 08:00:19 AM -05:00
-
CVE-2020-10777 —
A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms.
Published: August 11, 2020; 09:15:11 AM -04:00
-
CVE-2020-17479 —
jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array.
Published: August 10, 2020; 04:15:11 PM -04:00