Search Results (9546 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-2747 1 Courion 1 Access Risk Management Suite 2025-04-11 N/A
The password reset feature in Courion Access Risk Management Suite Version 8 Update 9 allows remote authenticated users to bypass intended Internet Explorer usage restrictions and execute arbitrary commands by using keyboard shortcuts to navigate the file system and open a command prompt.
CVE-2013-0346 1 Apache 1 Tomcat 2025-04-11 N/A
Apache Tomcat 7.x uses world-readable permissions for the log directory and its files, which might allow local users to obtain sensitive information by reading a file. NOTE: One Tomcat distributor has stated "The tomcat log directory does not contain any sensitive information."
CVE-2013-2826 1 Wellintech 3 Kingalarm\&event, Kinggraphic, Kingscada 2025-04-11 N/A
WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP port 8130.
CVE-2013-0467 1 Ibm 1 Data Studio 2025-04-11 N/A
IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL.
CVE-2013-2834 1 Google 1 Chrome Os 2025-04-11 N/A
Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835.
CVE-2013-2835 1 Google 1 Chrome Os 2025-04-11 N/A
Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834.
CVE-2013-2874 2 Google, Microsoft 2 Chrome, Windows 2025-04-11 N/A
Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is used, allows remote attackers to bypass intended restrictions on access to screen data via vectors involving IPC transmission of GL textures.
CVE-2013-0651 1 Ge 1 Intelligent Platforms Proficy Real-time Information Portal 2025-04-11 N/A
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request.
CVE-2013-0652 1 Ge 1 Intelligent Platforms Proficy Real-time Information Portal 2025-04-11 N/A
GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call.
CVE-2013-2930 2 Linux, Redhat 2 Linux Kernel, Enterprise Mrg 2025-04-11 N/A
The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application.
CVE-2013-3037 1 Ibm 1 Rational Requirements Composer 2025-04-11 N/A
Unspecified vulnerability in IBM Rational Requirements Composer before 4.0.4 makes it easier for local users to gain privileges via unknown vectors.
CVE-2013-0980 1 Apple 1 Iphone Os 2025-04-11 N/A
The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature.
CVE-2013-5145 1 Apple 1 Iphone Os 2025-04-11 N/A
kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message.
CVE-2013-1027 1 Apple 1 Mac Os X 2025-04-11 N/A
Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package.
CVE-2013-1061 2 Canonical, Marc Deslauriers 2 Ubuntu Linux, Software-properties 2025-04-11 N/A
dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVE-2013-1064 1 Canonical 2 Apt-xapian-index, Ubuntu Linux 2025-04-11 N/A
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVE-2013-1111 1 Cisco 2 Ata 187 Analog Telephone Adaptor, Ata 187 Analog Telephone Adaptor Firmware 2025-04-11 N/A
The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038.
CVE-2012-1241 1 Artonx.org 1 Activescriptruby 2025-04-11 N/A
GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 does not properly restrict interaction with an Internet Explorer ActiveX environment, which allows remote attackers to execute arbitrary Ruby code via a crafted HTML document.
CVE-2013-1130 2 Apple, Cisco 2 Mac Os X, Anyconnect Secure Mobility Client 2025-04-11 N/A
Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak permissions for a library directory, which allows local users to gain privileges via a crafted library file, aka Bug ID CSCue33619.
CVE-2013-1195 1 Cisco 2 Adaptive Security Appliance Software, Firewall Services Module 2025-04-11 N/A
The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850.