Search Results (5493 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-2776 3 Apple, Redhat, Todd Miller 3 Mac Os X, Enterprise Linux, Sudo 2025-04-11 N/A
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
CVE-2012-3516 2 Citrix, Xen 2 Xenserver, Xen 2025-04-11 N/A
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location.
CVE-2012-3513 1 Munin-monitoring 1 Munin 2025-04-11 N/A
munin-cgi-graph in Munin before 2.0.6, when running as a CGI module under Apache, allows remote attackers to load new configurations and create files in arbitrary directories via the logdir command.
CVE-2012-3512 1 Munin-monitoring 1 Munin 2025-04-11 N/A
Munin before 2.0.6 stores plugin state files that run as root in the same group-writable directory as non-root plugins, which allows local users to execute arbitrary code by replacing a state file, as demonstrated using the smart_ plugin.
CVE-2013-0940 1 Emc 1 Networker 2025-04-11 N/A
The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
CVE-2012-3494 2 Citrix, Xen 2 Xenserver, Xen 2025-04-11 N/A
The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register.
CVE-2013-2866 1 Google 2 Chrome, Chrome Os 2025-04-11 N/A
The Flash plug-in in Google Chrome before 27.0.1453.116, as used on Google Chrome OS before 27.0.1453.116 and separately, does not properly determine whether a user wishes to permit camera or microphone access by a Flash application, which allows remote attackers to obtain sensitive information from a machine's physical environment via a clickjacking attack, as demonstrated by an attack using a crafted Cascading Style Sheets (CSS) opacity property.
CVE-2013-0934 1 Emc 2 Rsa Archer Egrc, Rsa Archer Smartsuite 2025-04-11 N/A
EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allows remote authenticated users to bypass intended access restrictions and modify global reports via unspecified vectors.
CVE-2010-4680 1 Cisco 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 2025-04-11 N/A
The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software before 8.2(3) permits the viewing of CIFS shares even when CIFS file browsing has been disabled, which allows remote authenticated users to bypass intended access restrictions via CIFS requests, aka Bug ID CSCsz80777.
CVE-2013-2905 2 Debian, Google 2 Debian Linux, Chrome 2025-04-11 N/A
The SharedMemory::Create function in memory/shared_memory_posix.cc in Google Chrome before 29.0.1547.57 uses weak permissions under /dev/shm/, which allows attackers to obtain sensitive information via direct access to a POSIX shared-memory file.
CVE-2014-0018 1 Redhat 6 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 3 more 2025-04-11 N/A
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.
CVE-2012-3417 2 Jan Kara, Redhat 2 Linux Diskquota, Enterprise Linux 2025-04-11 N/A
The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota (aka quota) before 3.17 invokes the hosts_ctl function the first time without a host name, which might allow remote attackers to bypass TCP Wrappers rules in hosts.deny.
CVE-2013-3596 1 Advanceprotech 1 Advanceware 2025-04-11 N/A
AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter.
CVE-2013-3601 1 Trivantis 1 Coursemill Learning Management System 2025-04-11 N/A
Coursemill Learning Management System (LMS) 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter.
CVE-2021-36879 1 Stylemixthemes 1 Ulisting 2025-03-28 9.8 Critical
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration.
CVE-2023-24573 1 Dell 1 Command \| Monitor 2025-03-24 4.7 Medium
Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
CVE-2024-43064 1 Qualcomm 60 Qam8255p, Qam8255p Firmware, Qam8295p and 57 more 2025-02-28 7.5 High
Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU.
CVE-2022-29444 1 Cloudways 1 Breeze 2025-02-20 6.5 Medium
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin's settings including CDN setting which could be further used for XSS attack.
CVE-2022-29423 1 Edmonsoft 1 Countdown Builder 2025-02-20 3.8 Low
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
CVE-2022-33198 1 Oxilab 1 Accordions 2025-02-20 9.8 Critical
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.