Total
5442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-5158 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
| The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. | ||||
| CVE-2013-5133 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
| Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data. | ||||
| CVE-2013-5145 | 1 Apple | 1 Iphone Os | 2024-08-06 | N/A |
| kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | ||||
| CVE-2013-5097 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2024-08-06 | N/A |
| Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462. | ||||
| CVE-2013-5057 | 1 Microsoft | 1 Office | 2024-08-06 | N/A |
| hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM component on a web site that is visited with Internet Explorer, as exploited in the wild in December 2013, aka "HXDS ASLR Vulnerability." | ||||
| CVE-2013-5016 | 2 Broadcom, Microsoft | 2 Symantec Critical System Protection, Windows 2003 Server | 2024-08-06 | N/A |
| Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors. | ||||
| CVE-2013-5096 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2024-08-06 | N/A |
| Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly implement role-based access control, which allows remote authenticated users to modify the configuration by leveraging the read-only privilege, aka PR 863804. | ||||
| CVE-2013-5010 | 1 Symantec | 1 Endpoint Protection | 2024-08-06 | N/A |
| The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended policy restrictions and access files or directories via unspecified vectors. | ||||
| CVE-2013-4971 | 1 Puppet | 1 Puppet Enterprise | 2024-08-06 | N/A |
| Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-4956 | 3 Puppet, Puppetlabs, Redhat | 4 Puppet, Puppet Enterprise, Puppet and 1 more | 2024-08-06 | N/A |
| Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if those permissions were used when the modules were originally built, which might allow local users to read or modify those modules depending on the original permissions. | ||||
| CVE-2013-4860 | 1 Radiothermostat | 4 Ct50, Ct50 Firmware, Ct80 and 1 more | 2024-08-06 | N/A |
| Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors. | ||||
| CVE-2013-4851 | 1 Freebsd | 1 Freebsd | 2024-08-06 | N/A |
| The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS server implementation in the kernel in FreeBSD 8.3 and 9.x through 9.1-RELEASE-p5 controls authorization for host/subnet export entries on the basis of group information sent by the client, which allows remote attackers to bypass file permissions on NFS filesystems via crafted requests. | ||||
| CVE-2013-4872 | 1 Google | 1 Glass | 2024-08-06 | N/A |
| Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a man-in-the-middle attack. | ||||
| CVE-2013-4672 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2024-08-06 | N/A |
| The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 has an incorrect sudoers file, which allows local users to bypass intended access restrictions via a command. | ||||
| CVE-2013-4737 | 1 Qualcomm | 1 Quic Mobile Station Modem Kernel | 2024-08-06 | N/A |
| The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location. | ||||
| CVE-2013-4677 | 1 Symantec | 1 Backup Exec | 2024-08-06 | N/A |
| Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 uses weak permissions (Everyone: Read and Everyone: Change) for backup data files, which allows local users to obtain sensitive information or modify the outcome of a restore via direct access to these files. | ||||
| CVE-2013-4661 | 1 Civicrm | 1 Civicrm | 2024-08-06 | N/A |
| CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intended access restrictions, as demonstrated by accessing custom contribution data without having the "access CiviContribute" permission. | ||||
| CVE-2013-4597 | 1 Rik De Boer | 1 Revisioning | 2024-08-06 | N/A |
| The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2013-4596 | 1 Danielkorte | 1 Nodeaccesskeys | 2024-08-06 | N/A |
| The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing. | ||||
| CVE-2013-4598 | 1 Groups Communities And Co Project | 1 Gcc | 2024-08-06 | N/A |
| The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. | ||||