Search Results (9574 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-5171 1 Apple 1 Mac Os X 2025-04-11 N/A
CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.
CVE-2013-5169 1 Apple 1 Mac Os X 2025-04-11 N/A
CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen.
CVE-2013-5364 2 Redhat, Secunia 2 Enterprise Linux, Csi Agent 2025-04-11 N/A
Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml, which allows local users to change CSI Agent configuration by modifying this file.
CVE-2013-5371 1 Ibm 1 Tivoli Storage Manager 2025-04-11 N/A
The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
CVE-2013-5506 1 Cisco 1 Firewall Services Module Software 2025-04-11 N/A
The authorization functionality in Cisco Firewall Services Module (FWSM) 3.1.x and 3.2.x before 3.2(25) and 4.x before 4.1(13), when multiple-context mode is enabled, allows local users to read or modify any context's configuration via unspecified commands, aka Bug ID CSCue46080.
CVE-2013-5538 1 Cisco 2 Identity Services Engine, Identity Services Engine Software 2025-04-11 N/A
The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak permissions for uploaded files, which allows remote attackers to read arbitrary files via a direct request, aka Bug ID CSCui67506.
CVE-2013-5556 1 Cisco 1 Nexus 1000v 2025-04-11 N/A
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Security Gateway 4.2(1)VSG1(1) for Nexus 1000V switches allows local users to gain privileges and execute arbitrary commands via crafted "install all iso" arguments, aka Bug ID CSCui21340.
CVE-2011-1974 1 Microsoft 3 Windows 2003 Server, Windows Server 2003, Windows Xp 2025-04-11 N/A
NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
CVE-2013-5754 1 Dahuasecurity 65 Dvr0404hd-a, Dvr0404hd-l, Dvr0404hd-s and 62 more 2025-04-11 N/A
The authorization implementation on Dahua DVR appliances accepts a hash string representing the current date for the role of a master password, which makes it easier for remote attackers to obtain administrative access and change the administrator password via requests involving (1) ActiveX, (2) a standalone client, or (3) unspecified other vectors, a different vulnerability than CVE-2013-3612.
CVE-2013-6375 2 Opensuse, Xen 2 Opensuse, Xen 2025-04-11 N/A
Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does not properly flush the TLB after clearing a present translation table entry, which allows local guest administrators to cause a denial of service or gain privileges via unspecified vectors related to an "inverted boolean parameter."
CVE-2013-6617 1 Saltstack 1 Salt 2025-04-11 N/A
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
CVE-2013-6728 1 Ibm 1 Websphere Dashboard Framework 2025-04-11 N/A
The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary directory.
CVE-2013-6734 1 Ibm 1 Websphere Extreme Scale Client 2025-04-11 N/A
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.
CVE-2013-6863 1 Sybase 1 Adaptive Server Enterprise 2025-04-11 N/A
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2013-5606 2 Mozilla, Redhat 2 Network Security Services, Enterprise Linux 2025-04-11 N/A
The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.
CVE-2013-6945 1 Osehra 1 Vista 2025-04-11 N/A
The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."
CVE-2013-7067 2 Drupal, Mike Stefanello 2 Drupal, Og Features 2025-04-11 N/A
The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not properly override pages that have an access callback set to false, which allows remote attackers to bypass intended access restrictions via a request.
CVE-2013-7073 1 Typo3 1 Typo3 2025-04-11 N/A
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
CVE-2013-7042 1 Novell 1 Suse Lifecycle Management Server 2025-04-11 N/A
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.
CVE-2013-7081 1 Typo3 1 Typo3 2025-04-11 N/A
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.