Export limit exceeded: 361806 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6773 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-11-21 | 7.8 High |
| Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges | ||||
| CVE-2013-6295 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 9.8 Critical |
| PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module | ||||
| CVE-2013-6231 | 1 Eng | 1 Spagobi | 2024-11-21 | 8.8 High |
| SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script | ||||
| CVE-2013-5027 | 1 O-dyn | 1 Collabtive | 2024-11-21 | 9.8 Critical |
| Collabtive 1.0 has incorrect access control | ||||
| CVE-2013-4975 | 1 Hikvision | 2 Ds-2cd7153-e, Ds-2cd7153-e Firmware | 2024-11-21 | 8.8 High |
| Hikvision DS-2CD7153-E IP Camera has Privilege Escalation | ||||
| CVE-2013-4867 | 1 Ea | 2 Karotz Smart Rabbit, Karotz Smart Rabbit Firmware | 2024-11-21 | 6.3 Medium |
| Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking | ||||
| CVE-2013-4583 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2024-11-21 | 8.8 High |
| The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. | ||||
| CVE-2013-4536 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-11-21 | 7.8 High |
| An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | ||||
| CVE-2013-4451 | 1 Gitolite | 1 Gitolite | 2024-11-21 | N/A |
| gitolite commit fa06a34 through 3.5.3 might allow attackers to have unspecified impact via vectors involving world-writable permissions when creating (1) ~/.gitolite.rc, (2) ~/.gitolite, or (3) ~/repositories/gitolite-admin.git on fresh installs. | ||||
| CVE-2013-4251 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | ||||
| CVE-2013-4161 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2024-11-21 | 7.8 High |
| gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. | ||||
| CVE-2013-3947 | 1 Ahnlab | 1 V3 Internet Security | 2024-11-21 | N/A |
| Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call. | ||||
| CVE-2013-3323 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2024-11-21 | 9.8 Critical |
| A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | ||||
| CVE-2013-3024 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362. | ||||
| CVE-2013-2625 | 3 Debian, Opensuse, Otrs | 5 Debian Linux, Opensuse, Faq and 2 more | 2024-11-21 | 6.5 Medium |
| An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified | ||||
| CVE-2013-2016 | 3 Debian, Novell, Qemu | 4 Debian Linux, Open Desktop Server, Open Enterprise Server and 1 more | 2024-11-21 | 7.8 High |
| A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host. | ||||
| CVE-2013-2012 | 2 Autojump Project, Debian | 2 Autojump, Debian Linux | 2024-11-21 | 7.3 High |
| autojump before 21.5.8 allows local users to gain privileges via a Trojan horse custom_install directory in the current working directory. | ||||
| CVE-2013-1053 | 1 Canonical | 1 Remote-login-service | 2024-11-21 | 5.5 Medium |
| In crypt.c of remote-login-service, the cryptographic algorithm used to cache usernames and passwords is insecure. An attacker could use this vulnerability to recover usernames and passwords from the file. This issue affects version 1.0.0-0ubuntu3 and prior versions. | ||||
| CVE-2013-0293 | 1 Ovirt | 1 Node | 2024-11-21 | 7.8 High |
| oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation | ||||
| CVE-2013-0267 | 1 Apache | 1 Vcl | 2024-11-21 | N/A |
| The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation. | ||||