Total: 5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-6889 | 1 Gnu | 1 Rush | 2024-08-06 | N/A |
GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.
CVE-2013-6876 | 1 S3dvt Project | 1 S3dvt | 2024-08-06 | N/A |
The (1) pty_init_terminal and (2) pipe_init_terminal functions in main.c in s3dvt 0.2.2 and earlier allow local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: this vulnerability was fixed with commit ad732f00b411b092c66a04c359da0f16ec3b387, but the version number was not changed.
CVE-2013-6886 | 3 Apple, Linux, Realvnc | 3 Mac Os X, Linux Kernel, Realvnc | 2024-08-06 | N/A |
RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper.
CVE-2013-6825 | 1 Offis | 1 Dcmtk | 2024-08-06 | N/A |
(1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) dcmnet/libsrc/scp.cc, (4) dcmwlm/libsrc/wlmactmg.cc, (5) dcmprscp.cc and (6) dcmpsrcv.cc in dcmpstat/apps/, (7) dcmpstat/tests/msgserv.cc, and (8) dcmqrdb/apps/dcmqrscp.cc in DCMTK 3.6.1 and earlier do not check the return value of the setuid system call, which allows local users to gain privileges by creating a large number of processes.
CVE-2013-6840 | 1 Siemens | 1 Comos | 2024-08-06 | N/A |
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors.
CVE-2013-6835 | 1 Apple | 2 Iphone Os, Safari | 2024-08-06 | N/A |
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.
CVE-2013-6823 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
GRMGApp in SAP NetWeaver allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-6775 | 2 Chainfire, Google | 2 Supersu, Android | 2024-08-06 | N/A |
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.
CVE-2013-6796 | 1 Deeproot Linux | 1 Deepofix | 2024-08-06 | N/A |
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
CVE-2013-6818 | 1 Sap | 1 Netweaver Logviewer | 2024-08-06 | N/A |
SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2013-6770 | 2 Google, Koushik Dutta | 2 Android, Superuser | 2024-08-06 | N/A |
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.
CVE-2013-6742 | 1 Ibm | 1 Sametime | 2024-08-06 | N/A |
The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
CVE-2013-6744 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-08-06 | N/A |
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.
CVE-2013-6798 | 3 Apple, Blackberry, Microsoft | 3 Mac Os X, Blackberry Link, Windows | 2024-08-06 | N/A |
BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694.
CVE-2013-6802 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632.
CVE-2013-6723 | 1 Ibm | 1 Websphere Portal | 2024-08-06 | N/A |
IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors.
CVE-2013-6731 | 1 Ibm | 1 Netezza Performance Portal | 2024-08-06 | N/A |
IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request.
CVE-2013-6734 | 1 Ibm | 1 Websphere Extreme Scale Client | 2024-08-06 | N/A |
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.
CVE-2013-6737 | 1 Ibm | 2 Storwize Unified V7000, Storwize Unified V7000 Software | 2024-08-06 | N/A |
IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied.
CVE-2013-6713 | 1 Ibm | 1 Tivoli Storage Manager For Virtual Environments | 2024-08-06 | N/A |
The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (disk consumption) via unspecified GUI actions.