Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3056 | 1 Joomla | 1 Joomla\! | 2013-05-03 | 4.0 MEDIUM | N/A |
| Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors. | |||||
| CVE-2013-3057 | 1 Joomla | 1 Joomla\! | 2013-05-03 | 4.0 MEDIUM | N/A |
| Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and list the privileges of arbitrary users via unspecified vectors. | |||||
| CVE-2013-3080 | 1 Vmware | 1 Vcenter Server Appliance | 2013-05-01 | 9.0 HIGH | N/A |
| VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access. | |||||
| CVE-2013-3107 | 1 Vmware | 1 Vcenter Server Appliance | 2013-05-01 | 4.3 MEDIUM | N/A |
| VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. | |||||
| CVE-2013-1215 | 1 Cisco | 3 5500 Series Adaptive Security Appliance, Adaptive Security Appliance Software, Asa 5500 | 2013-04-25 | 6.8 MEDIUM | N/A |
| The vpnclient program in the Easy VPN component on Cisco Adaptive Security Appliances (ASA) 5505 devices allows local users to gain privileges via unspecified vectors, aka Bug ID CSCuf85295. | |||||
| CVE-2013-1182 | 1 Cisco | 6 Unified Computing System 6120xp Fabric Interconnect, Unified Computing System 6140xp Fabric Interconnect, Unified Computing System 6248up Fabric Interconnect and 3 more | 2013-04-25 | 9.3 HIGH | N/A |
| The login page in the Web Console in the Manager component in Cisco Unified Computing System (UCS) before 1.0(2h), 1.1 before 1.1(1j), and 1.3(x) allows remote attackers to bypass LDAP authentication via a malformed request, aka Bug ID CSCtc91207. | |||||
| CVE-2013-3055 | 1 Lexmark | 1 Markvision | 2013-04-24 | 9.3 HIGH | N/A |
| Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors. | |||||
| CVE-2013-1195 | 1 Cisco | 2 Adaptive Security Appliance Software, Firewall Services Module | 2013-04-24 | 5.0 MEDIUM | N/A |
| The time-based ACL implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly handle periodic statements for the time-range command, which allows remote attackers to bypass intended access restrictions by sending network traffic during denied time periods, aka Bug IDs CSCuf79091 and CSCug45850. | |||||
| CVE-2012-4737 | 1 Digium | 2 Asterisk, Certified Asterisk | 2013-04-18 | 6.0 MEDIUM | N/A |
| channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials. | |||||
| CVE-2012-4404 | 1 Moinmo | 1 Moinmoin | 2013-04-18 | 6.0 MEDIUM | N/A |
| security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group. | |||||
| CVE-2012-2389 | 1 W1.fi | 1 Hostapd | 2013-04-18 | 2.1 LOW | N/A |
| hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials. | |||||
| CVE-2013-0687 | 1 Schneider-electric | 1 Micom S1 Studio | 2013-04-17 | 6.6 MEDIUM | N/A |
| The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. | |||||
| CVE-2013-2835 | 1 Google | 1 Chrome Os | 2013-04-16 | 5.0 MEDIUM | N/A |
| Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834. | |||||
| CVE-2013-2834 | 1 Google | 1 Chrome Os | 2013-04-16 | 5.0 MEDIUM | N/A |
| Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835. | |||||
| CVE-2012-3022 | 1 Canarylabs | 1 Trendlink | 2013-04-16 | 8.5 HIGH | N/A |
| The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site. | |||||
| CVE-2013-2304 | 2 Fenrir-inc, Google | 2 Sleipnir Mobile, Android | 2013-04-16 | 5.8 MEDIUM | N/A |
| The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger downloads or obtain sensitive HTTP response-body information, via a crafted web page. | |||||
| CVE-2013-1169 | 1 Cisco | 1 Unified Meetingplace Web Conferencing Server | 2013-04-14 | 9.3 HIGH | N/A |
| Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate users via a crafted login request, aka Bug ID CSCuc64846. | |||||
| CVE-2013-0315 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2013-04-14 | 5.0 MEDIUM | N/A |
| The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack. | |||||
| CVE-2012-6120 | 1 Redhat | 2 Openstack Essex, Openstack Folsom | 2013-04-10 | 2.1 LOW | N/A |
| Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files. | |||||
| CVE-2012-5638 | 1 Ovirt | 1 Sanlock | 2013-04-10 | 3.6 LOW | N/A |
| The setup_logging function in log.h in SANLock uses world-writable permissions for /var/log/sanlock.log, which allows local users to overwrite the file content or bypass intended disk-quota restrictions via standard filesystem write operations. | |||||