ReportizFlow
Filtered by vendor
Subscriptions
Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-2247 | 2 Drupal, Fast Permissions Administration Project | 2 Drupal, Fast Permission Administration | 2025-04-11 | N/A |
| The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers to obtain unspecified access to the permissions edit form. | ||||
| CVE-2013-2256 | 2 Openstack, Redhat | 2 Nova, Openstack | 2025-04-11 | N/A |
| OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id. | ||||
| CVE-2013-2269 | 1 Arubanetworks | 2 Clearpass, Clearpass Guest | 2025-04-11 | N/A |
| The Sponsorship Confirmation functionality in Aruba Networks ClearPass 5.x, 6.0.1, and 6.0.2, and Amigopod/ClearPass Guest 3.0 through 3.9.7, allows remote attackers to bypass intended access restrictions and approve a request by sending a guest request, then using "parameter manipulation" in conjunction with information from a "default holding page" to discover the link that is used for sponsor approval of the guest request, then performing a direct request to that link. | ||||
| CVE-2013-2373 | 1 Tibco | 1 Spotfire Web Player | 2025-04-11 | N/A |
| The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | ||||
| CVE-2011-2471 | 1 Maynard Johnson | 1 Oprofile | 2025-04-11 | N/A |
| utils/opcontrol in OProfile 0.9.6 and earlier might allow local users to gain privileges via shell metacharacters in the (1) --vmlinux, (2) --session-dir, or (3) --xen argument, related to the daemonrc file and the do_save_setup and do_load_setup functions, a different vulnerability than CVE-2011-1760. | ||||
| CVE-2013-2640 | 2 Mailup, Wordpress | 2 Wp-mailup, Wordpress | 2025-04-11 | N/A |
| ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731. | ||||
| CVE-2013-2776 | 3 Apple, Redhat, Todd Miller | 3 Mac Os X, Enterprise Linux, Sudo | 2025-04-11 | N/A |
| sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. | ||||
| CVE-2013-2777 | 3 Apple, Redhat, Todd Miller | 3 Mac Os X, Enterprise Linux, Sudo | 2025-04-11 | N/A |
| sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. | ||||
| CVE-2013-3407 | 1 Cisco | 1 Server Provisioner | 2025-04-11 | N/A |
| The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 and earlier does not require authentication for unspecified pages, which allows remote attackers to obtain sensitive information via a direct request, aka Bug ID CSCug65664. | ||||
| CVE-2013-4677 | 1 Symantec | 1 Backup Exec | 2025-04-11 | N/A |
| Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files. | ||||
| CVE-2013-4825 | 1 Hp | 2 Imc Service Operation Management Software Module, Intelligent Management Center | 2025-04-11 | N/A |
| Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown vectors, aka ZDI-CAN-1645. | ||||
| CVE-2013-0665 | 1 Selinc | 1 Acselerator Quickset | 2025-04-11 | N/A |
| Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before 5.12.0.1 uses weak permissions for its Program Files directory, which allows local users to replace executable files, and consequently gain privileges, via standard filesystem operations. | ||||
| CVE-2013-0706 | 1 Nec | 1 Universal Raid Utility | 2025-04-11 | N/A |
| NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors. | ||||
| CVE-2013-0685 | 1 Invensys | 1 Wonderware Information Server | 2025-04-11 | N/A |
| Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal does not restrict unspecified size and amount values, which allows remote attackers to execute arbitrary code or cause a denial of service (resource consumption) via unknown vectors. | ||||
| CVE-2011-2367 | 1 Mozilla | 1 Firefox | 2025-04-11 | N/A |
| The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict read operations, which allows remote attackers to obtain sensitive information from GPU memory associated with an arbitrary process, or cause a denial of service (application crash), via unspecified vectors. | ||||
| CVE-2009-5085 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2025-04-11 | N/A |
| IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, when configured as an OpenID provider, does not delete the site information cookie in response to a user's deletion of a relying-party trust entry, which allows user-assisted remote attackers to bypass intended trust restrictions via vectors that trigger absence of the consent-to-authenticate page. | ||||
| CVE-2012-4225 | 1 Nvidia | 1 Unix Graphic Driver | 2025-04-11 | N/A |
| NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows local users to write to arbitrary physical memory locations and gain privileges by modifying the VGA window using /dev/nvidia0. | ||||
| CVE-2010-0791 | 1 Ncpfs | 1 Ncpfs | 2025-04-11 | N/A |
| The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits. | ||||
| CVE-2013-0718 | 1 Simeji | 1 Simeji | 2025-04-11 | N/A |
| The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | ||||
| CVE-2011-2495 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more | 2025-04-11 | N/A |
| fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly restrict access to /proc/#####/io files, which allows local users to obtain sensitive I/O statistics by polling a file, as demonstrated by discovering the length of another user's password. | ||||