Total: 4224 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3426 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2013-07-18 | 5.0 MEDIUM | N/A |
| The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810. | |||||
| CVE-2013-1908 | 3 Acquia, Commons Wikis Project, Drupal | 3 Commons, Commons Wikis, Drupal | 2013-07-17 | 5.0 MEDIUM | N/A |
| The Commons Wikis module before 7.x-3.1 for Drupal, as used in the Commons module before 7.x-3.1, does not properly restrict access to groups, which allows remote attackers to post arbitrary content to groups via unspecified vectors. | |||||
| CVE-2013-0246 | 1 Drupal | 1 Drupal | 2013-07-16 | 4.3 MEDIUM | N/A |
| The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors. | |||||
| CVE-2013-2786 | 1 Alstom | 2 Micom S1 Agile, Micom S1 Studio | 2013-07-11 | 6.6 MEDIUM | N/A |
| Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows local users to gain privileges via a Trojan horse executable file. | |||||
| CVE-2013-4729 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-07-05 | 5.5 MEDIUM | N/A |
| import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request. | |||||
| CVE-2013-4650 | 1 Mongodb | 1 Mongodb | 2013-07-05 | 6.5 MEDIUM | N/A |
| MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database. | |||||
| CVE-2013-2144 | 1 Redhat | 1 Enterprise Virtualization Manager | 2013-07-04 | 5.0 MEDIUM | N/A |
| Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not properly check permissions for the target storage domain, which allows attackers to cause a denial of service (disk space consumption) by cloning a VM from a snapshot. | |||||
| CVE-2013-4735 | 2 Digital Alert Systems, Monroe Electronics | 2 Dasdec Eas, R189 One-net Eas | 2013-07-01 | 10.0 HIGH | N/A |
| The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier for remote attackers to obtain access via an IP network. | |||||
| CVE-2013-4733 | 2 Digital Alert Systems, Monroe Electronics | 2 Dasdec Eas, R189 One-net Eas | 2013-07-01 | 7.8 HIGH | N/A |
| The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration and status information by reading log files. | |||||
| CVE-2013-4604 | 1 Fortinet | 1 Fortios | 2013-06-26 | 6.5 MEDIUM | N/A |
| Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role. | |||||
| CVE-2013-4613 | 1 Canon | 9 Mg3100 Printer, Mg5300 Printer, Mg6100 Printer and 6 more | 2013-06-24 | 7.5 HIGH | N/A |
| The default configuration of the administrative interface on the Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, and MX922 printers does not require authentication, which allows remote attackers to modify the configuration by visiting the Advanced page. NOTE: the vendor has apparently responded by stating "for user convenience, the default setting does not require a password. However, if a user has a particular concern about third parties accessing the user's home printer, the default setting can be changed to add a password." | |||||
| CVE-2013-4633 | 1 Huawei | 1 Seco Versatile Security Manager | 2013-06-21 | 9.0 HIGH | N/A |
| Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 allows remote authenticated users to gain privileges via a certain change to a group configuration setting. | |||||
| CVE-2013-3379 | 1 Cisco | 1 Telepresence Tc Software | 2013-06-21 | 8.3 HIGH | N/A |
| The firewall subsystem in Cisco TelePresence TC Software before 4.2 does not properly implement rules that grant access to hosts, which allows remote attackers to obtain shell access with root privileges by leveraging connectivity to the management network, aka Bug ID CSCts37781. | |||||
| CVE-2013-1940 | 2 Canonical, X | 2 Ubuntu Linux, X.org-xserver | 2013-06-21 | 2.1 LOW | N/A |
| X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly restrict access to input events when adding a new hot-plug device, which might allow physically proximate attackers to obtain sensitive information, as demonstrated by reading passwords from a tty. | |||||
| CVE-2012-5472 | 1 Moodle | 1 Moodle | 2013-06-21 | 4.0 MEDIUM | N/A |
| lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field. | |||||
| CVE-2012-4542 | 1 Linux | 1 Linux Kernel | 2013-06-21 | 4.6 MEDIUM | N/A |
| block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly consider the SCSI device class during authorization of SCSI commands, which allows local users to bypass intended access restrictions via an SG_IO ioctl call that leverages overlapping opcodes. | |||||
| CVE-2011-4347 | 1 Linux | 1 Linux Kernel | 2013-06-10 | 4.0 MEDIUM | N/A |
| The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resources, which allows host OS users to assign PCI devices and cause a denial of service (host OS crash) via a KVM_ASSIGN_PCI_DEVICE operation. | |||||
| CVE-2013-2318 | 1 Jig | 2 Movatwitouch, Movatwitouch Paid | 2013-06-07 | 2.6 LOW | N/A |
| The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application. | |||||
| CVE-2013-3952 | 1 Apple | 1 Mac Os X | 2013-06-06 | 2.1 LOW | N/A |
| The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_info system call for a kernel pipe handle. | |||||
| CVE-2013-3949 | 1 Apple | 1 Mac Os X | 2013-06-05 | 2.1 LOW | N/A |
| The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, which allows local users to bypass intended access restrictions via a wrapper program that calls the posix_spawnattr_setflags function. | |||||
| CVE-2013-0990 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2013-06-05 | 4.9 MEDIUM | N/A |
| SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | |||||
| CVE-2013-0798 | 2 Google, Mozilla | 2 Android, Firefox | 2013-06-05 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons before installation via an application that leverages the time window during which app_tmp is used. | |||||
| CVE-2013-0335 | 2 Canonical, Openstack | 4 Ubuntu Linux, Essex, Folsom and 1 more | 2013-06-05 | 6.0 MEDIUM | N/A |
| OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM that was bound to the same VNC port. | |||||
| CVE-2013-3315 | 1 Tibco | 1 Silver Mobile | 2013-06-03 | 6.5 MEDIUM | N/A |
| The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2013-3666 | 2 Google, Lg | 2 Android, Optimus G E973 | 2013-05-31 | 7.2 HIGH | N/A |
| The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845#*973#, modifying the WLAN Test Wi-Fi Ping Test/User Command tcpdump command string, and pressing the CANCEL button. | |||||
| CVE-2012-2561 | 1 Hp | 1 Business Service Management | 2013-05-25 | 10.0 HIGH | N/A |
| HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server component via a crafted request to TCP port 1098, 1099, or 4444. | |||||
| CVE-2013-3496 | 1 Infotecs | 4 Vipnet Client, Vipnet Coordinator, Vipnet Personal Firewall and 1 more | 2013-05-22 | 7.2 HIGH | N/A |
| Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator 3.2.10 (15632) and earlier, ViPNet Personal Firewall 3.1 and earlier, and ViPNet SafeDisk 4.1 (0.5643) and earlier use weak permissions (Everyone: Full Control) for a folder under %PROGRAMFILES%\Infotecs, which allows local users to gain privileges via a Trojan horse (1) executable file or (2) DLL file. | |||||
| CVE-2013-1977 | 1 Openstack | 1 Devstack | 2013-05-22 | 2.1 LOW | N/A |
| OpenStack devstack uses world-readable permissions for keystone.conf, which allows local users to obtain sensitive information such as the LDAP password and admin_token secret by reading the file. | |||||
| CVE-2013-3270 | 1 Emc | 3 Celerra Control Station, Vnx, Vnx Control Station | 2013-05-20 | 6.8 MEDIUM | N/A |
| EMC VNX Control Station before 7.1.70.2 and Celerra Control Station before 6.0.70.1 have an incorrect group ownership for unspecified script files, which allows local users to gain privileges by leveraging nasadmin group membership. | |||||
| CVE-2013-0287 | 1 Fedoraproject | 1 Sssd | 2013-05-15 | 4.9 MEDIUM | N/A |
| The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions. | |||||
| CVE-2010-1142 | 2 Microsoft, Vmware | 8 Windows, Ace, Esx and 5 more | 2013-05-15 | 8.5 HIGH | N/A |
| VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; VMware Player 2.5.x before 2.5.4 build 246459; VMware ACE 2.5.x before 2.5.4 build 246459; VMware Server 2.x before 2.0.2 build 203138; VMware Fusion 2.x before 2.0.6 build 246742; VMware ESXi 3.5 and 4.0; and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0 does not properly load VMware programs, which might allow Windows guest OS users to gain privileges by placing a Trojan horse program at an unspecified location on the guest OS disk. | |||||
| CVE-2010-1140 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2013-05-15 | 6.9 MEDIUM | N/A |
| The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 and VMware Player 3.0 before 3.0.1 build 227600 on Windows might allow host OS users to gain privileges by placing a Trojan horse program at an unspecified location on the host OS disk. | |||||
| CVE-2010-0393 | 1 Apple | 1 Cups | 2013-05-15 | 6.9 MEDIUM | N/A |
| The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers. | |||||
| CVE-2013-1897 | 1 Fedoraproject | 1 389 Directory Server | 2013-05-14 | 2.6 LOW | N/A |
| The do_search function in ldap/servers/slapd/search.c in 389 Directory Server 1.2.x before 1.2.11.20 and 1.3.x before 1.3.0.5 does not properly restrict access to entries when the nsslapd-allow-anonymous-access configuration is set to rootdse and the BASE search scope is used, which allows remote attackers to obtain sensitive information outside of the rootDSE via a crafted LDAP search. | |||||
| CVE-2013-1225 | 1 Cisco | 1 Unified Customer Voice Portal | 2013-05-09 | 7.8 HIGH | N/A |
| Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to read arbitrary files via a Resource Manager (1) HTTP or (2) HTTPS request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCub38366. | |||||
| CVE-2013-0685 | 1 Invensys | 1 Wonderware Information Server | 2013-05-09 | 9.3 HIGH | N/A |
| Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors. | |||||
| CVE-2013-3509 | 1 Gwos | 1 Groundwork Monitor | 2013-05-08 | 6.5 MEDIUM | N/A |
| html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / NeDi menu. | |||||
| CVE-2013-3506 | 1 Gwos | 1 Groundwork Monitor | 2013-05-08 | 7.5 HIGH | N/A |
| cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality. | |||||
| CVE-2013-3503 | 1 Gwos | 1 Groundwork Monitor | 2013-05-08 | 3.5 LOW | N/A |
| The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | |||||
| CVE-2013-3500 | 1 Gwos | 1 Groundwork Monitor | 2013-05-08 | 7.5 HIGH | N/A |
| The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attackers to bypass intended filesystem restrictions by leveraging access to a GroundWork script. | |||||
| CVE-2013-0934 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2013-05-07 | 4.0 MEDIUM | N/A |
| EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors. | |||||
| CVE-2013-0932 | 1 Emc | 2 Rsa Archer Egrc, Rsa Archer Smartsuite | 2013-05-07 | 4.0 MEDIUM | N/A |
| EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and upload arbitrary files via unspecified vectors. | |||||
| CVE-2012-4550 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2013-05-07 | 6.4 MEDIUM | N/A |
| JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB. | |||||
| CVE-2012-4522 | 1 Ruby-lang | 1 Ruby | 2013-05-04 | 5.0 MEDIUM | N/A |
| The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path. | |||||
| CVE-2012-3987 | 2 Google, Mozilla | 2 Android, Firefox | 2013-05-04 | 4.0 MEDIUM | N/A |
| Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. | |||||
| CVE-2013-3057 | 1 Joomla | 1 Joomla! | 2013-05-03 | 4.0 MEDIUM | N/A |
| Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors. | |||||
| CVE-2013-3056 | 1 Joomla | 1 Joomla! | 2013-05-03 | 4.0 MEDIUM | N/A |
| Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors. | |||||
| CVE-2013-0940 | 1 Emc | 1 Networker | 2013-05-03 | 7.2 HIGH | N/A |
| The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors. | |||||
| CVE-2013-3107 | 1 Vmware | 1 Vcenter Server Appliance | 2013-05-01 | 4.3 MEDIUM | N/A |
| VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. | |||||
| CVE-2013-3080 | 1 Vmware | 1 Vcenter Server Appliance | 2013-05-01 | 9.0 HIGH | N/A |
| VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access. | |||||
