Search Results (5496 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4198 1 Plone 1 Plone 2025-04-12 N/A
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality.
CVE-2013-4223 1 Gentoo 1 Nullmailer 2025-04-12 N/A
The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.
CVE-2013-4860 1 Radiothermostat 4 Ct50, Ct50 Firmware, Ct80 and 1 more 2025-04-12 N/A
Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors.
CVE-2013-5016 2 Broadcom, Microsoft 2 Symantec Critical System Protection, Windows 2003 Server 2025-04-12 N/A
Symantec Critical System Protection (SCSP) before 5.2.9, when installed on an unpatched Windows Server 2003 R2 platform, allows remote attackers to bypass policy settings via unspecified vectors.
CVE-2013-6433 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Neutron, Openstack 2025-04-12 N/A
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file.
CVE-2013-6442 2 Redhat, Samba 2 Enterprise Linux, Samba 2025-04-12 N/A
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.
CVE-2013-6476 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-04-12 N/A
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file.
CVE-2013-6666 1 Google 1 Chrome 2025-04-12 N/A
The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header.
CVE-2013-6713 1 Ibm 1 Tivoli Storage Manager For Virtual Environments 2025-04-12 N/A
The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (disk consumption) via unspecified GUI actions.
CVE-2013-6714 1 Ibm 1 Tivoli Storage Flashcopy Manager 2025-04-12 N/A
The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.
CVE-2013-6730 1 Ibm 1 Websphere Portal 2025-04-12 N/A
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results.
CVE-2013-6731 1 Ibm 1 Netezza Performance Portal 2025-04-12 N/A
IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request.
CVE-2013-6737 1 Ibm 2 Storwize Unified V7000, Storwize Unified V7000 Software 2025-04-12 N/A
IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.0 does not properly restrict the content of a dump file upon encountering a 1691 hardware fault, which allows remote authenticated users to obtain sensitive customer-data fragments by reading this file after it is copied.
CVE-2013-6744 2 Ibm, Microsoft 2 Db2, Windows 2025-04-12 N/A
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.
CVE-2013-6770 2 Google, Koushik Dutta 2 Android, Superuser 2025-04-12 N/A
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script.
CVE-2013-6775 2 Chainfire, Google 2 Supersu, Android 2025-04-12 N/A
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.
CVE-2013-6796 1 Deeproot Linux 1 Deepofix 2025-04-12 N/A
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
CVE-2014-0470 1 Super Project 1 Super 2025-04-12 N/A
super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack.
CVE-2014-0483 2 Djangoproject, Opensuse 2 Django, Opensuse 2025-04-12 N/A
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI.
CVE-2014-0484 1 Canonical 1 Acpi-support 2025-04-12 N/A
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."