CVE List

Id CVE No. Status Description Phase Votes Comments Actions
62197  CVE-2013-2250  Candidate  Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions.  Assigned (20130219)  None (candidate not yet proposed)    View
62453  CVE-2013-2506  Candidate  app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.  Assigned (20130308)  None (candidate not yet proposed)    View
62709  CVE-2013-2762  Candidate  The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data.  Assigned (20130404)  None (candidate not yet proposed)    View
62965  CVE-2013-3018  Candidate  ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.  Assigned (20130412)  None (candidate not yet proposed)    View
63221  CVE-2013-3274  Candidate  EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors.  Assigned (20130426)  None (candidate not yet proposed)    View

Page 20146 of 20943, showing 5 records out of 104715 total, starting on record 100726, ending on 100730

Actions