Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3034 | 1 Cisco | 1 Wireless Lan Controller Software | 2025-04-11 | N/A |
| Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or possibly 4.1 through 6.0.x, allows remote attackers to bypass ACLs in the controller CPU, and consequently send network traffic to unintended segments or devices, via unspecified vectors, a different vulnerability than CVE-2010-0575. | ||||
| CVE-2013-5191 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Guest sessions. | ||||
| CVE-2013-5187 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | ||||
| CVE-2010-3028 | 2 Joomla, Simon Philips | 2 Joomla, Aardvertiser | 2025-04-11 | N/A |
| The Aardvertiser component before 2.2.1 for Joomla! uses insecure permissions (777) in unspecified folders, which allows local users to modify, create, or delete certain files. | ||||
| CVE-2013-5186 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. | ||||
| CVE-2013-5178 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence. | ||||
| CVE-2013-5171 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. | ||||
| CVE-2013-5162 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcode-entry view after use of the Phone app. | ||||
| CVE-2010-3020 | 1 Opera | 1 Opera Browser | 2025-04-11 | N/A |
| The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content. | ||||
| CVE-2013-5161 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Passcode Lock in Apple iOS before 7.0.2 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement, and open the Camera app or read the list of all recently opened apps, by leveraging unspecified transition errors. | ||||
| CVE-2013-5158 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Twitter interaction via unspecified vectors. | ||||
| CVE-2010-2968 | 1 Windriver | 1 Vxworks | 2025-04-11 | N/A |
| The FTP daemon in Wind River VxWorks does not close the TCP connection after a number of failed login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2013-5157 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests to the daemon. | ||||
| CVE-2013-5156 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon. | ||||
| CVE-2011-1974 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2003, Windows Xp | 2025-04-11 | N/A |
| NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability." | ||||
| CVE-2013-5154 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass intended access restrictions via a crafted application. | ||||
| CVE-2013-5148 | 1 Apple | 1 Keynote | 2025-04-11 | N/A |
| Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation. | ||||
| CVE-2010-2929 | 1 Pharscape | 1 Hsolink | 2025-04-11 | N/A |
| Untrusted search path vulnerability in hsolinkcontrol in hsolink 1.0.118 allows local users to gain privileges via a modified PATH environment variable, which is used during execution of the (1) route, (2) mv, and (3) cp programs, a different vulnerability than CVE-2010-1671. | ||||
| CVE-2013-5144 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. | ||||
| CVE-2013-5145 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| kextd in Kext Management in Apple iOS before 7 does not properly verify authorization for IPC messages, which allows local users to (1) load or (2) unload kernel extensions via a crafted message. | ||||