Search Results (10022 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4862 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-11-21 | 8.1 High |
| MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. | ||||
| CVE-2013-4411 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2024-11-21 | 4.3 Medium |
| Review Board: URL processing gives unauthorized users access to review lists | ||||
| CVE-2013-4410 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2024-11-21 | 7.5 High |
| ReviewBoard: has an access-control problem in REST API | ||||
| CVE-2013-4228 | 1 Organic Groups Project | 1 Organic Groups | 2024-11-21 | 4.3 Medium |
| The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. | ||||
| CVE-2013-4226 | 1 Drupal | 1 Authenticated User Page Caching | 2024-11-21 | 6.5 Medium |
| The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser. | ||||
| CVE-2013-4225 | 2 Redhat, Restful Web Services Project | 2 Satellite, Restful Web Services | 2024-11-21 | 8.8 High |
| The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | ||||
| CVE-2013-3960 | 1 Easytimestudio | 1 Easy File Manager | 2024-11-21 | 9.9 Critical |
| Easytime Studio Easy File Manager 1.1 has an HTTP request security bypass | ||||
| CVE-2013-3703 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| The controller of the Open Build Service API prior to version 2.4.4 is missing a write permission check, allowing an authenticated attacker to add or remove user roles from packages and/or project meta data. | ||||
| CVE-2013-2673 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2024-11-21 | 6.8 Medium |
| Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. | ||||
| CVE-2013-2574 | 1 Foscam | 2 Fi8620, Fi8620 Firmware | 2024-11-21 | 7.5 High |
| An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. | ||||
| CVE-2013-2198 | 1 Login Security Project | 1 Login Security | 2024-11-21 | 9.8 Critical |
| The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. | ||||
| CVE-2013-1350 | 1 Veraxsystems | 1 Network Management System | 2024-11-21 | 9.1 Critical |
| Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities | ||||
| CVE-2012-6614 | 1 Dlink | 2 Dsr-250n, Dsr-250n Firmware | 2024-11-21 | 7.2 High |
| D-Link DSR-250N devices before 1.08B31 allow remote authenticated users to obtain "persistent root access" via the BusyBox CLI, as demonstrated by overwriting the super user password. | ||||
| CVE-2012-6094 | 2 Apple, Debian | 2 Cups, Debian Linux | 2024-11-21 | 9.8 Critical |
| In cups (Common Unix Printing System), the 'Listen localhost:631' option is not honored correctly, which could provide unauthorized access to the system | ||||
| CVE-2012-3822 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 7.5 High |
| Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials. | ||||
| CVE-2012-3821 | 1 Arialsoftware | 1 Campaign Enterprise | 2024-11-21 | 4.3 Medium |
| A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field. | ||||
| CVE-2012-2238 | 1 Tryton | 1 Trytond | 2024-11-21 | 7.5 High |
| trytond 2.4: ModelView.button fails to validate authorization | ||||
| CVE-2012-0055 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 7.8 High |
| OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions. | ||||
| CVE-2011-4183 | 1 Opensuse | 1 Open Build Service | 2024-11-21 | N/A |
| A vulnerability in open build service allows remote attackers to upload arbitrary RPM files. Affected releases are SUSE open build service prior to 2.1.16. | ||||
| CVE-2011-3617 | 2 Debian, Tahoe-lafs | 2 Debian Linux, Tahoe-lafs | 2024-11-21 | 6.5 Medium |
| Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some cases. | ||||