Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4259 1 Redhat 1 Ansible 2025-04-11 N/A
runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ControlPersist, allows local users to redirect a ssh session via a symlink attack on a socket file with a predictable name in /tmp/.
CVE-2013-2581 1 Tp-link 5 Lm Firmware, Tl-sc3130, Tl-sc3130g and 2 more 2025-04-11 N/A
cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.
CVE-2013-4325 2 Hp, Redhat 2 Linux Imaging And Printing Project, Enterprise Linux 2025-04-11 N/A
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
CVE-2013-4604 1 Fortinet 1 Fortios 2025-04-11 N/A
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by leveraging the Guest role.
CVE-2012-0680 1 Apple 1 Safari 2025-04-11 N/A
Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation.
CVE-2012-6431 1 Sensiolabs 1 Symfony 2025-04-11 N/A
Symfony 2.0.x before 2.0.20 does not process URL encoded data consistently within the Routing and Security components, which allows remote attackers to bypass intended URI restrictions via a doubly encoded string.
CVE-2012-4593 1 Mcafee 2 Application Control, Change Control 2025-04-11 N/A
McAfee Application Control and Change Control 5.1.x and 6.0.0 do not enforce an intended password requirement in certain situations involving attributes of the password file, which allows local users to bypass authentication by executing a command.
CVE-2012-3578 1 Wordpress 2 Fcchat Widget, Wordpress 2025-04-11 N/A
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
CVE-2014-0648 1 Cisco 1 Secure Access Control System 2025-04-11 N/A
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authentication and authorization requirements, which allows remote attackers to obtain administrative access via a request to this interface, aka Bug ID CSCud75187.
CVE-2010-3613 2 Isc, Redhat 2 Bind, Enterprise Linux 2025-04-11 N/A
named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, and 9.7.x before 9.7.2-P3 does not properly handle the combination of signed negative responses and corresponding RRSIG records in the cache, which allows remote attackers to cause a denial of service (daemon crash) via a query for cached data.
CVE-2010-3856 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2025-04-11 N/A
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
CVE-2014-0649 1 Cisco 1 Secure Access Control System 2025-04-11 N/A
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180.
CVE-2013-4729 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.
CVE-2013-4311 2 Canonical, Redhat 3 Ubuntu Linux, Enterprise Linux, Libvirt 2025-04-11 N/A
libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVE-2014-0667 1 Cisco 1 Secure Access Control System 2025-04-11 N/A
The RMI interface in Cisco Secure Access Control System (ACS) does not properly enforce authorization requirements, which allows remote authenticated users to read arbitrary files via a request to this interface, aka Bug ID CSCud75169.
CVE-2014-0672 1 Cisco 1 Mediasense 2025-04-11 N/A
The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface.
CVE-2013-4470 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-11 N/A
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c.
CVE-2014-0676 1 Cisco 1 Nx-os 2025-04-11 N/A
Cisco NX-OS allows local users to bypass intended TACACS+ command restrictions via a series of multiple commands, aka Bug ID CSCum47367.
CVE-2013-4872 1 Google 1 Glass 2025-04-11 N/A
Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack.
CVE-2013-5030 1 Ruckuswireless 2 Zoneflex 2942, Zoneflex 2942 Firmware 2025-04-11 N/A
Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt.