Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0990 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | ||||
| CVE-2011-1376 | 1 Ibm | 1 Websphere Application Server | 2025-04-11 | N/A |
| iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations. | ||||
| CVE-2013-6026 | 3 Alphanetworks, Dlink, Planex | 13 Vdsl Asl-55052, Vdsl Asl-56552, Di-524up and 10 more | 2025-04-11 | N/A |
| The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013. | ||||
| CVE-2013-1977 | 1 Openstack | 1 Devstack | 2025-04-11 | N/A |
| OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file. | ||||
| CVE-2013-0957 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Data Protection in Apple iOS before 7 allows attackers to bypass intended limits on incorrect passcode entry, and consequently avoid a configured Erase Data setting, by leveraging the presence of an app in the third-party sandbox. | ||||
| CVE-2013-0940 | 1 Emc | 1 Networker | 2025-04-11 | N/A |
| The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | ||||
| CVE-2011-0988 | 2 Novell, Pureftpd | 2 Suse Linux, Pure-ftpd | 2025-04-11 | N/A |
| pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and SP4, and Enterprise Desktop 10 SP3 and SP4, when running OES Netware extensions, creates a world-writeable directory, which allows local users to overwrite arbitrary files and gain privileges via unspecified vectors. | ||||
| CVE-2013-0934 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2025-04-11 | N/A |
| EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors. | ||||
| CVE-2013-0932 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2025-04-11 | N/A |
| EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors. | ||||
| CVE-2011-1549 | 1 Gentoo | 2 Linux, Logrotate | 2025-04-11 | N/A |
| The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages. | ||||
| CVE-2012-4425 | 3 Freedesktop, Gtk, Redhat | 3 Spice-gtk, Libgio, Enterprise Linux | 2025-04-11 | N/A |
| libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself. | ||||
| CVE-2013-0925 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors. | ||||
| CVE-2013-0924 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The extension functionality in Google Chrome before 26.0.1410.43 does not verify that use of the permissions API is consistent with file permissions, which has unspecified impact and attack vectors. | ||||
| CVE-2010-3223 | 1 Microsoft | 1 Windows Server 2008 | 2025-04-11 | N/A |
| The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability." | ||||
| CVE-2013-0922 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 26.0.1410.43 does not properly restrict brute-force access attempts against web sites that require HTTP Basic Authentication, which has unspecified impact and attack vectors. | ||||
| CVE-2013-0921 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The Isolated Sites feature in Google Chrome before 26.0.1410.43 does not properly enforce the use of separate processes, which makes it easier for remote attackers to bypass intended access restrictions via a crafted web site. | ||||
| CVE-2012-1461 | 18 Anti-virus, Authentium, Avg and 15 more | 20 Vba32, Command Antivirus, Avg Anti-virus and 17 more | 2025-04-11 | N/A |
| The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, and VBA32 3.12.14.2 allows remote attackers to bypass malware detection via a .tar.gz file with multiple compressed streams. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different Gzip parser implementations. | ||||
| CVE-2013-0918 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site. | ||||
| CVE-2013-0838 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | N/A |
| Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors. | ||||
| CVE-2013-0829 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors. | ||||