Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4613 | 4 Canonical, Debian, Ubuntu and 1 more | 4 Ubuntu Linux, Debian Linux, Linux and 1 more | 2025-04-11 | 5.9 Medium |
| The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY. | ||||
| CVE-2013-3688 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2025-04-11 | N/A |
| The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, does not properly restrict access to certain administrative functions, which allows remote attackers to (1) cause a denial of service (device reboot) via a request to cgi-bin/reboot or (2) cause a denial of service (reboot and reset to factory defaults) via a request to cgi-bin/hardfactorydefault. | ||||
| CVE-2013-3686 | 1 Ovislink | 1 Airlive Wl2600cam | 2025-04-11 | N/A |
| cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action. | ||||
| CVE-2012-0129 | 1 Hp | 1 Onboard Administrator | 2025-04-11 | N/A |
| HP Onboard Administrator (OA) before 3.50 allows remote attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | ||||
| CVE-2013-3617 | 1 Openbravo | 1 Openbravo Erp | 2025-04-11 | N/A |
| The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity reference to /ws/dal/ADUser or other /ws/dal/XXX interfaces, related to an XML External Entity (XXE) issue. | ||||
| CVE-2010-0545 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, does not set the expected file ownerships during an "Apply to enclosed items" action, which allows local users to bypass intended access restrictions via normal filesystem operations. | ||||
| CVE-2013-3596 | 1 Advanceprotech | 1 Advanceware | 2025-04-11 | N/A |
| AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter. | ||||
| CVE-2011-4297 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity. | ||||
| CVE-2011-4328 | 1 Gnu | 1 Gnash | 2025-04-11 | N/A |
| plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions (world readable) for cookie files with predictable names in /tmp, which allows local users to obtain sensitive information. | ||||
| CVE-2013-3543 | 1 Axis | 1 Media Control Activex Control | 2025-04-11 | N/A |
| The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods. | ||||
| CVE-2013-3509 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | N/A |
| html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in the System / NeDi menu. | ||||
| CVE-2013-3500 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | N/A |
| The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attackers to bypass intended filesystem restrictions by leveraging access to a GroundWork script. | ||||
| CVE-2013-3499 | 1 Gwos | 1 Groundwork Monitor | 2025-04-11 | N/A |
| GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted header. | ||||
| CVE-2011-3098 | 3 Google, Microsoft, Opensuse | 3 Chrome, Windows, Opensuse | 2025-04-11 | N/A |
| Google Chrome before 19.0.1084.46 on Windows uses an incorrect search path for the Windows Media Player plug-in, which might allow local users to gain privileges via a Trojan horse plug-in in an unspecified directory. | ||||
| CVE-2013-3495 | 2 Opensuse, Xen | 2 Opensuse, Xen | 2025-04-11 | N/A |
| The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device that is bus mastering capable that triggers a System Error Reporting (SERR) Non-Maskable Interrupt (NMI). | ||||
| CVE-2013-3463 | 1 Cisco | 2 Adaptive Security Appliance, Adaptive Security Appliance Software | 2025-04-11 | N/A |
| The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connection-table exhaustion) via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899. | ||||
| CVE-2013-3438 | 1 Cisco | 1 Unified Meetingplace Web Conferencing | 2025-04-11 | N/A |
| The web framework in the server in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to bypass intended access restrictions and read unspecified web pages via crafted parameters, aka Bug ID CSCuh86385. | ||||
| CVE-2013-3425 | 1 Cisco | 1 Webex | 2025-04-11 | N/A |
| The Meeting Center component in Cisco WebEx 11 generates different error messages for invalid file-access attempts depending on whether a file exists, which allows remote authenticated users to enumerate files via a series of SPI calls, aka Bug ID CSCuc35965. | ||||
| CVE-2011-2201 | 2 Mark Stosberg, Perl | 2 Data\, Perl | 2025-04-11 | N/A |
| The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input. | ||||
| CVE-2013-3407 | 1 Cisco | 1 Server Provisioner | 2025-04-11 | N/A |
| The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664. | ||||