| Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-5563 | 4.0 |
OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not properly implement token expiration, which allows remote authenticated users to bypass intended authorization restrictions by creating new tokens through token chaining. NOTE: this issu
|
13-02-2023 - 00:26 | 18-12-2012 - 01:55 | |
| CVE-2016-10150 | 10.0 |
Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the
|
19-01-2023 - 16:14 | 06-02-2017 - 06:59 | |
| CVE-2002-1187 | 6.8 |
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting,
|
23-07-2021 - 12:55 | 11-12-2002 - 05:00 | |
| CVE-2007-3740 | 4.4 |
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
|
29-09-2017 - 01:29 | 14-09-2007 - 01:17 | |
| CVE-2012-4862 | 2.1 |
The Host Connect emulator in IBM Rational Developer for System z 7.1 through 8.5.1 does not properly store the SSL certificate password, which allows local users to obtain sensitive information via unspecified vectors.
|
29-08-2017 - 01:32 | 05-12-2012 - 11:57 | |
| CVE-2012-5571 | 3.5 |
OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token f
|
29-08-2017 - 01:32 | 18-12-2012 - 01:55 | |
| CVE-2009-1977 | 10.0 |
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the
|
17-08-2017 - 01:30 | 14-07-2009 - 23:30 | |
| CVE-2012-5590 | 7.5 |
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
26-02-2013 - 04:52 | 26-12-2012 - 17:55 | |
| CVE-2012-5586 | 2.1 |
The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "access user profiles" permission to access arbitrary users' emails via vectors related to the "user index method" and "the pa
|
26-02-2013 - 04:52 | 26-12-2012 - 17:55 | |
| CVE-2012-5159 | 7.5 |
phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code v
|
26-01-2013 - 04:57 | 25-09-2012 - 22:55 | |
| CVE-2005-3969 | 7.5 |
SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
08-03-2011 - 02:27 | 03-12-2005 - 19:03 | |
| CVE-2005-3970 | 4.3 |
Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
08-03-2011 - 02:27 | 03-12-2005 - 19:03 |