Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2786 | 1 Alstom | 2 Micom S1 Agile, Micom S1 Studio | 2024-11-21 | 6.6 MEDIUM | N/A |
| Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 Studio use weak permissions for the MiCOM S1 %PROGRAMFILES% directory, which allows local users to gain privileges via a Trojan horse executable file. | |||||
| CVE-2013-2777 | 2 Apple, Todd Miller | 2 Mac Os X, Sudo | 2024-11-21 | 4.4 MEDIUM | N/A |
| sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. | |||||
| CVE-2013-2776 | 2 Apple, Todd Miller | 2 Mac Os X, Sudo | 2024-11-21 | 4.4 MEDIUM | N/A |
| sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. | |||||
| CVE-2013-2757 | 1 Citrix | 1 Cloudplatform | 2024-11-21 | 7.5 HIGH | N/A |
| Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 Patch C does not properly restrict access to VNC ports on the management network, which allows remote attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2013-2747 | 1 Courion | 1 Access Risk Management Suite | 2024-11-21 | 6.5 MEDIUM | N/A |
| The password reset feature in Courion Access Risk Management Suite Version 8 Update 9 allows remote authenticated users to bypass intended Internet Explorer usage restrictions and execute arbitrary commands by using keyboard shortcuts to navigate the file system and open a command prompt. | |||||
| CVE-2013-2640 | 2 Mailup, Wordpress | 2 Wp-mailup, Wordpress | 2024-11-21 | 5.0 MEDIUM | N/A |
| ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731. | |||||
| CVE-2013-2604 | 1 Realnetworks | 1 Realarcade Installer | 2024-11-21 | 7.2 HIGH | N/A |
| RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory. | |||||
| CVE-2013-2595 | 1 Codeaurora | 1 Android-msm | 2024-11-21 | 7.2 HIGH | N/A |
| The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which allows attackers to gain privileges via a crafted application. | |||||
| CVE-2013-2581 | 1 Tp-link | 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more | 2024-11-21 | 7.8 HIGH | N/A |
| cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action. | |||||
| CVE-2013-2563 | 1 Mambo-foundation | 1 Mambo Cms | 2024-11-21 | 2.1 LOW | N/A |
| Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. | |||||
| CVE-2013-2506 | 1 Spreecommerce | 1 Spree | 2024-11-21 | 4.0 MEDIUM | N/A |
| app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves. | |||||
| CVE-2013-2373 | 1 Tibco | 1 Spotfire Web Player | 2024-11-21 | 6.4 MEDIUM | N/A |
| The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2013-2355 | 1 Hp | 1 System Management Homepage | 2024-11-21 | 5.0 MEDIUM | N/A |
| HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2012-5217. | |||||
| CVE-2013-2323 | 1 Hp | 1 Nonstop Sql\/mx | 2024-11-21 | 6.0 MEDIUM | N/A |
| HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the "SQL/MP tables" issue. | |||||
| CVE-2013-2318 | 1 Jig | 2 Movatwitouch, Movatwitouch Paid | 2024-11-21 | 2.6 LOW | N/A |
| The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allows attackers to hijack Twitter accounts via a crafted application. | |||||
| CVE-2013-2304 | 2 Fenrir-inc, Google | 2 Sleipnir Mobile, Android | 2024-11-21 | 5.8 MEDIUM | N/A |
| The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger downloads or obtain sensitive HTTP response-body information, via a crafted web page. | |||||
| CVE-2013-2301 | 1 Omron | 1 Openwnn | 2024-11-21 | 4.3 MEDIUM | N/A |
| The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||||
| CVE-2013-2300 | 1 Pm9 | 1 Flickwnn | 2024-11-21 | 5.0 MEDIUM | N/A |
| The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. | |||||
| CVE-2013-2296 | 1 Eucalyptus | 1 Eucalyptus | 2024-11-21 | 5.5 MEDIUM | N/A |
| Walrus in Eucalyptus before 3.2.2 does not verify authorization for the GetBucketLoggingStatus, SetBucketLoggingStatus, and SetBucketVersioningStatus bucket operations, which allows remote authenticated users to bypass intended restrictions on (1) modifying the logging setting, (2) modifying the versioning setting, or (3) accessing activity logs via a request. | |||||
| CVE-2013-2271 | 1 Dlink | 2 Dsl-2740b, Dsl-2740b Firmware | 2024-11-21 | 7.6 HIGH | N/A |
| The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active administrator session exists, allows remote attackers to bypass authentication and gain administrator access via a request to login.cgi. | |||||