Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3323 1 Ibm 1 Maximo Asset Management 2025-04-11 N/A
IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.3 allows remote attackers to gain privileges via unspecified vectors.
CVE-2013-1766 1 Redhat 1 Libvirt 2025-04-11 N/A
libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors.
CVE-2012-1966 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-11 N/A
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL.
CVE-2010-0728 1 Samba 1 Samba 2025-04-11 N/A
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
CVE-2013-1768 2 Apache, Redhat 5 Openjpa, Fuse Esb Enterprise, Fuse Management Console and 2 more 2025-04-11 N/A
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
CVE-2013-1774 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-11 N/A
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter.
CVE-2013-1813 3 Busybox, Redhat, T-mobile 3 Busybox, Enterprise Linux, Tm-ac1900 2025-04-11 N/A
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for parent directories when creating nested directories under /dev/, which allows local users to have unknown impact and attack vectors.
CVE-2013-1830 2 Fedoraproject, Moodle 2 Fedora, Moodle 2025-04-11 N/A
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.
CVE-2013-1834 1 Moodle 1 Moodle 2025-04-11 N/A
notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field.
CVE-2013-5552 1 Cisco 2 Content Services Gateway, Ios 2025-04-11 N/A
Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) devices does not properly implement the "parse error drop" feature, which allows remote attackers to bypass intended access restrictions via a crafted series of packets, aka Bug ID CSCug90143.
CVE-2010-5293 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match.
CVE-2013-2051 1 Redhat 1 Enterprise Linux 2025-04-11 N/A
The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887.
CVE-2013-1897 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2025-04-11 N/A
The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search.
CVE-2013-1903 1 Postgresql 1 Postgresql 2025-04-11 N/A
PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors.
CVE-2013-4025 1 Ibm 4 Data Studio Web Console, Db2 Recovery Expert, Infosphere Optim Configuration Manager and 1 more 2025-04-11 N/A
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x do not have an off autocomplete attribute for the login-password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVE-2013-1908 3 Acquia, Commons Wikis Project, Drupal 3 Commons, Commons Wikis, Drupal 2025-04-11 N/A
The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors.
CVE-2013-1919 1 Xen 1 Xen 2025-04-11 N/A
Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs or PCI devices."
CVE-2013-1920 1 Xen 1 Xen 2025-04-11 N/A
Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors.
CVE-2013-1922 1 Xen 1 Xen 2025-04-11 N/A
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted, a different vulnerability than CVE-2008-2004.
CVE-2013-1925 1 Chaos Tool Suite Project 1 Ctools 2025-04-11 N/A
The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict node access, which allows remote authenticated users with the "access content" permission to read restricted node titles via an autocomplete list.