Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4400 | 1 Redhat | 1 Libvirt | 2025-04-11 | N/A |
| virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. | ||||
| CVE-2010-2296 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| The implementation of unspecified DOM methods in Google Chrome before 5.0.375.70 allows remote attackers to bypass the Same Origin Policy via unknown vectors. | ||||
| CVE-2012-1448 | 4 Cat, Emsisoft, Ikarus and 1 more | 5 Quick Heal, Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner and 2 more | 2025-04-11 | N/A |
| The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend Micro AntiVirus 9.120.0.1004, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Trend Micro HouseCall 9.120.0.1004, and Emsisoft Anti-Malware 5.1.0.1 allows remote attackers to bypass malware detection via a CAB file with a modified cbCabinet field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations. | ||||
| CVE-2013-4379 | 2 Drupal, Sebastien Corbin | 2 Drupal, Make Meeting Scheduler Module | 2025-04-11 | N/A |
| The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the hashed URL. | ||||
| CVE-2013-4362 | 1 Werner Baumann | 1 Davfs2 | 2025-04-11 | N/A |
| WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function. | ||||
| CVE-2010-2291 | 1 Snom | 1 Voip Phone Firmware | 2025-04-11 | N/A |
| Unspecified vulnerability in the web interface in snom VoIP Phone firmware 8 before 8.2.35 allows remote attackers to bypass intended restrictions and modify user credentials via unknown vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-4356 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash). | ||||
| CVE-2013-4331 | 1 Robert Ancell | 1 Lightdm | 2025-04-11 | N/A |
| Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2010-2242 | 2 Libvirt, Redhat | 2 Libvirt, Rhel Virtualization | 2025-04-11 | N/A |
| Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with improper mappings of privileged source ports, which allows guest OS users to bypass intended access restrictions by leveraging IP address and source-port values, as demonstrated by copying and deleting an NFS directory tree. | ||||
| CVE-2013-4329 | 1 Xen | 1 Xen | 2025-04-11 | N/A |
| The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows local HVM guest domains to gain privileges or cause a denial of service via a DMA instruction. | ||||
| CVE-2013-4326 | 2 Lennart Poettering, Redhat | 2 Rkit, Enterprise Linux | 2025-04-11 | N/A |
| RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
| CVE-2010-2241 | 1 Redhat | 1 Directory Server | 2025-04-11 | N/A |
| The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red Hat Directory Server 8 before 8.2 use world-readable permissions when creating cache files, which allows local users to obtain sensitive information including passwords for Directory and Administration Server administrative accounts. | ||||
| CVE-2013-4324 | 2 Redhat, Spice-gtk Project | 2 Enterprise Linux, Spice-gtk | 2025-04-11 | N/A |
| spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
| CVE-2010-2238 | 1 Libvirt | 1 Libvirt | 2025-04-11 | N/A |
| Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. | ||||
| CVE-2013-0172 | 1 Samba | 1 Samba | 2025-04-11 | N/A |
| Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute. | ||||
| CVE-2013-4319 | 1 Adaptivecomputing | 1 Torque Resource Manager | 2025-04-11 | N/A |
| pbs_mom in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.5.x, 4.x, and earlier does not properly restrict access by unprivileged ports, which allows remote authenticated users to execute arbitrary jobs by submitting a command. | ||||
| CVE-2013-4439 | 1 Saltstack | 1 Salt | 2025-04-11 | N/A |
| Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. | ||||
| CVE-2010-2224 | 1 Redhat | 2 Enterprise Linux, Enterprise Virtualization Manager | 2025-04-11 | N/A |
| The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine. | ||||
| CVE-2013-4291 | 1 Redhat | 1 Libvirt | 2025-04-11 | N/A |
| The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, 1.0.5.5, and 1.1.1, when the domain has read an uid:gid label, does not properly set group memberships, which allows local users to gain privileges. | ||||
| CVE-2010-2197 | 1 Rpm | 1 Rpm | 2025-04-11 | N/A |
| rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax of spec files, which allows user-assisted remote attackers to remove home directories via vectors involving a ;~ (semicolon tilde) sequence in a Name tag. | ||||