Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6271 | 1 Google | 1 Android | 2025-04-11 | N/A |
| Android 4.0 through 4.3 allows attackers to bypass intended access restrictions and remove device locks via a crafted application that invokes the updateUnlockMethodAndFinish method in the com.android.settings.ChooseLockGeneric class with the PASSWORD_QUALITY_UNSPECIFIED option. | ||||
| CVE-2013-6246 | 1 Dell | 1 Quest One Password Manager | 2025-04-11 | N/A |
| The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters. | ||||
| CVE-2013-6180 | 1 Emc | 2 Rsa Netwitness Nextgen, Rsa Security Analytics | 2025-04-11 | N/A |
| EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness NextGen 9.8, does not ensure that SA Core requests originate from the SA REST UI, which allows remote attackers to bypass intended access restrictions by sending a Core request from a web browser or other unintended user agent. | ||||
| CVE-2013-6077 | 1 Citrix | 1 Xendesktop | 2025-04-11 | N/A |
| Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not properly enforce policy rule permissions, which allows remote attackers to bypass intended restrictions. | ||||
| CVE-2010-3498 | 1 Avg | 1 Anti-virus | 2025-04-11 | N/A |
| AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. | ||||
| CVE-2013-6004 | 1 Cybozu | 1 Garoon | 2025-04-11 | N/A |
| Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors. | ||||
| CVE-2013-5972 | 1 Vmware | 2 Player, Workstation | 2025-04-11 | N/A |
| VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors. | ||||
| CVE-2010-3497 | 1 Symantec | 1 Norton Antivirus | 2025-04-11 | N/A |
| Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)." | ||||
| CVE-2013-5971 | 1 Vmware | 1 Vcenter Server | 2025-04-11 | N/A |
| Session fixation vulnerability in the vSphere Web Client Server in VMware vCenter Server 5.0 before Update 3 allows remote attackers to hijack web sessions and gain privileges via unspecified vectors. | ||||
| CVE-2013-5965 | 2 Adcisolutions, Drupal | 2 Node View Permissions, Drupal | 2025-04-11 | N/A |
| The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by reading a node listing. | ||||
| CVE-2010-3483 | 1 Bouzouste | 1 Primitive Cms | 2025-04-11 | N/A |
| cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters. | ||||
| CVE-2013-5973 | 1 Vmware | 2 Esx, Esxi | 2025-04-11 | N/A |
| VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename. | ||||
| CVE-2013-5725 | 1 Metaclassy | 1 Byword | 2025-04-11 | N/A |
| The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL. | ||||
| CVE-2010-3321 | 1 Rsa | 1 Authentication Client | 2025-04-11 | N/A |
| RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not properly handle a SENSITIVE or NON-EXTRACTABLE tag on a secret key object that is stored on a SecurID 800 authenticator, which allows local users to bypass intended access restrictions and read keys via unspecified PKCS#11 API requests. | ||||
| CVE-2013-5724 | 1 Debian | 1 Phpbb3 | 2025-04-11 | N/A |
| Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable permissions for cache files, which allows local users to modify the file contents via standard filesystem write operations. | ||||
| CVE-2013-5710 | 1 Freebsd | 1 Freebsd | 2025-04-11 | N/A |
| The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs instance to a file in a different instance. | ||||
| CVE-2013-5663 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-11 | N/A |
| The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that trigger invalid caching, as demonstrated by incorrect identification of HTTP traffic as SIP traffic, aka Ref ID 47195. | ||||
| CVE-2013-5606 | 2 Mozilla, Redhat | 2 Network Security Services, Enterprise Linux | 2025-04-11 | N/A |
| The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. | ||||
| CVE-2010-3304 | 1 Dovecot | 1 Dovecot | 2025-04-11 | N/A |
| The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs. | ||||
| CVE-2010-2532 | 1 Opensuse | 1 Opensuse | 2025-04-11 | N/A |
| lxsession-logout in lxsession in LXDE, as used on SUSE openSUSE 11.3 and other platforms, does not lock the screen when the Suspend or Hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments. | ||||