Export limit exceeded: 11388 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9093 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5156 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | ||||
| CVE-2013-5154 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | ||||
| CVE-2013-5153 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors. | ||||
| CVE-2013-5149 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that employs a crafted push-notification registration process. | ||||
| CVE-2013-5148 | 1 Apple | 1 Keynote | 2025-04-11 | N/A |
| Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation. | ||||
| CVE-2013-5145 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | ||||
| CVE-2013-5144 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. | ||||
| CVE-2013-5137 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API. | ||||
| CVE-2013-5097 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2025-04-11 | N/A |
| Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462. | ||||
| CVE-2013-5096 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2025-04-11 | N/A |
| Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804. | ||||
| CVE-2013-5057 | 1 Microsoft | 1 Office | 2025-04-11 | N/A |
| hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability." | ||||
| CVE-2013-5030 | 1 Ruckuswireless | 2 Zoneflex 2942, Zoneflex 2942 Firmware | 2025-04-11 | N/A |
| Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt. | ||||
| CVE-2013-5010 | 1 Symantec | 1 Endpoint Protection | 2025-04-11 | N/A |
| The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors. | ||||
| CVE-2013-4987 | 1 Pineapp | 1 Mail-secure | 2025-04-11 | N/A |
| PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command. | ||||
| CVE-2013-4984 | 1 Sophos | 1 Web Appliance | 2025-04-11 | N/A |
| The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument. | ||||
| CVE-2013-4964 | 1 Puppet | 1 Puppet Enterprise | 2025-04-11 | N/A |
| Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2013-4956 | 3 Puppet, Puppetlabs, Redhat | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2025-04-11 | N/A |
| Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions. | ||||
| CVE-2013-4943 | 1 Siemens | 1 Comos | 2025-04-11 | N/A |
| The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access. | ||||
| CVE-2013-4938 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The LTI (aka IMS-LTI) mod_form implementation in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly support the sendname, sendemailaddr, and acceptgrades settings, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging an environment in which there was an ineffective attempt to enable the more secure values. | ||||
| CVE-2013-4878 | 2 Linux, Parallels | 3 Linux Kernel, Parallels Plesk Panel, Parallels Small Business Panel | 2025-04-11 | N/A |
| The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823. | ||||