CVEs from 2013
Total
5,685
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6885 | medium | — | 4.7 | 13y ago | The microcode on AMD 16h 00h through 0Fh processors does not properly handle the interaction between locked instructions and write-combined memory types, which allows local users to cause a denial of… | |||
| CVE-2013-6380 | medium | — | 4.7 | 13y ago | The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of serv… | |||
| CVE-2013-2823 | medium | — | 4.7 | 13y ago | The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE Intelligent Platforms Proficy DNP3 I/O driver before 7.20k, as used in DNPDrv.exe (aka the DNP master station server) in GE Intelligent… | |||
| CVE-2013-5193 | medium | — | 4.7 | 13y ago | The App Store component in Apple iOS before 7.0.4 does not properly enforce an intended transaction-time password requirement, which allows local users to complete a (1) App purchase or (2) In-App pu… | |||
| CVE-2013-4514 | medium | — | 4.7 | 13y ago | Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveragin… | |||
| CVE-2013-4512 | medium | — | 4.7 | 13y ago | Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other imp… | |||
| CVE-2013-2239 | medium | — | 4.7 | 13y ago | vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel … | |||
| CVE-2013-2058 | medium | — | 4.7 | 13y ago | The host_start function in drivers/usb/chipidea/host.c in the Linux kernel before 3.7.4 does not properly support a certain non-streaming option, which allows local users to cause a denial of service… | |||
| CVE-2013-5666 | medium | — | 4.7 | 13y ago | The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive info… | |||
| CVE-2013-5138 | medium | — | 4.7 | 13y ago | IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted application. | |||
| CVE-2013-2899 | medium | — | 4.7 | 13y ago | drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a den… | |||
| CVE-2013-2897 | medium | — | 4.7 | 13y ago | Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically pro… | |||
| CVE-2013-2896 | medium | — | 4.7 | 13y ago | drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of se… | |||
| CVE-2013-2894 | medium | — | 4.7 | 13y ago | drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LENOVO_TPKBD is enabled, allows physically proximate attackers to cause … | |||
| CVE-2013-2893 | medium | — | 4.7 | 13y ago | The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to … | |||
| CVE-2013-2892 | medium | — | 4.7 | 13y ago | drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of… | |||
| CVE-2013-2891 | medium | — | 4.7 | 13y ago | drivers/hid/hid-steelseries.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_STEELSERIES is enabled, allows physically proximate attackers to cause a … | |||
| CVE-2013-2890 | medium | — | 4.7 | 13y ago | drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SONY is enabled, allows physically proximate attackers to cause a denial of serv… | |||
| CVE-2013-2889 | medium | — | 4.7 | 13y ago | drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of … | |||
| CVE-2013-3495 | medium | — | 4.7 | 13y ago | The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x allows local guests to cause a denial of service (kernel panic) via a malformed Message Signaled Interrupt (MSI) from a PCI device… | |||
| CVE-2013-4205 | medium | — | 4.7 | 13y ago | Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUS… | |||
| CVE-2013-2078 | medium | — | 4.7 | 13y ago | Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users to cause a denial of service (hypervisor crash) via certain bit combinations to the XSETBV instruction. | |||
| CVE-2013-2798 | medium | — | 4.7 | 13y ago | Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over… | |||
| CVE-2013-4163 | medium | — | 4.7 | 13y ago | The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 implementation in the Linux kernel through 3.10.3 does not properly maintain information about whether the IPV6_MTU setsockopt op… | |||
| CVE-2013-4162 | medium | — | 4.7 | 13y ago | The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 implementation in the Linux kernel through 3.10.3 makes an incorrect function call for pending data, which allows local users to … | |||
| CVE-2013-4129 | medium | — | 4.7 | 13y ago | The bridge multicast implementation in the Linux kernel through 3.10.3 does not check whether a certain timer is armed before modifying the timeout value of that timer, which allows local users to ca… | |||
| CVE-2013-4127 | medium | — | 4.7 | 13y ago | Use-after-free vulnerability in the vhost_net_set_backend function in drivers/vhost/net.c in the Linux kernel through 3.10.3 allows local users to cause a denial of service (OOPS and system crash) vi… | |||
| CVE-2013-3797 | medium | — | 4.7 | 13y ago | Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS. | |||
| CVE-2013-2188 | medium | — | 4.7 | 13y ago | A certain Red Hat patch to the do_filp_open function in fs/namei.c in the kernel package before 2.6.32-358.11.1.el6 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle failure to obtain wri… | |||
| CVE-2013-1613 | medium | — | 4.7 | 13y ago | SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users t… | |||
| CVE-2013-2146 | medium | — | 4.7 | 13y ago | arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial o… | |||
| CVE-2013-1919 | medium | — | 4.7 | 13y ago | Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which allows local stub domain clients to gain access to IRQs and cause a denial of service via vectors related to "passed-through IRQs … | |||
| CVE-2013-1918 | medium | — | 4.7 | 13y ago | Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and earlier are not preemptible, which allows local PV kernels to cause a denial of service via vectors related to "deep page table tra… | |||
| CVE-2013-3497 | medium | — | 4.7 | 13y ago | Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance and in other contexts, includes a cleartext password in a configuration tab, which makes it easier for physically proximate attack… | |||
| CVE-2013-2015 | medium | — | 4.7 | 13y ago | The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers … | |||
| CVE-2013-1928 | medium | — | 4.7 | 13y ago | The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive… | |||
| CVE-2013-1957 | medium | — | 4.7 | 13y ago | The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only propert… | |||
| CVE-2013-3231 | medium | — | 4.7 | 13y ago | The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel … | |||
| CVE-2013-1494 | medium | — | 4.7 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2013-1792 | medium | — | 4.7 | 13y ago | Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and sys… | |||
| CVE-2013-0309 | medium | — | 4.7 | 14y ago | arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when transparent huge pages are used, does not properly support PROT_NONE memory regions, which allows local users to cause a denial o… | |||
| CVE-2013-0153 | medium | — | 4.7 | 14y ago | The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, when using AMD-Vi for PCI passthrough, uses the same interrupt remapping table for the host and all guests, which allows guests to … | |||
| CVE-2013-0152 | medium | — | 4.7 | 14y ago | Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a denial of service (host memory consumption) by performing nested virtualization in a way that triggers errors that are not prope… | |||
| CVE-2013-6501 | medium | — | 4.6 | 11y ago | The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL … | |||
| CVE-2013-2027 | medium | — | 4.6 | 12y ago | Jython Improper Access Restrictions vulnerability | |||
| CVE-2013-6306 | medium | — | 4.6 | 12y ago | Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges … | |||
| CVE-2013-0204 | medium | — | 4.6 | 12y ago | settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings. | |||
| CVE-2013-6975 | medium | — | 4.6 | 12y ago | Directory traversal vulnerability in the command-line interface in Cisco NX-OS 6.2(2a) and earlier allows local users to read arbitrary files via unspecified input, aka Bug ID CSCul05217. | |||
| CVE-2013-7374 | medium | — | 4.6 | 12y ago | The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypa… | |||
| CVE-2013-7221 | medium | — | 4.6 | 12y ago | The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute ar… | |||
| CVE-2013-7220 | medium | — | 4.6 | 12y ago | js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus o… | |||
| CVE-2013-7348 | medium | — | 4.6 | 12y ago | Double free vulnerability in the ioctx_alloc function in fs/aio.c in the Linux kernel before 3.12.4 allows local users to cause a denial of service (system crash) or possibly have unspecified other i… | |||
| CVE-2013-2089 | medium | — | 4.6 | 12y ago | Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the … | |||
| CVE-2013-6412 | medium | — | 4.6 | 13y ago | The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be… | |||
| CVE-2013-5888 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when running with GNOME, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||
| CVE-2013-5821 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC. | |||
| CVE-2013-5010 | medium | — | 4.6 | 13y ago | The Application/Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x … | |||
| CVE-2013-7042 | medium | — | 4.6 | 13y ago | SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2013-6432 | medium | — | 4.6 | 13y ago | The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel before 3.12.4 does not properly interact with read system calls on ping sockets, which allows local users to cause a denial of service… | |||
| CVE-2013-4465 | medium | — | 4.6 | 13y ago | Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file… | |||
| CVE-2013-5550 | medium | — | 4.6 | 13y ago | The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operatio… | |||
| CVE-2013-4370 | medium | — | 4.6 | 13y ago | The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x and 4.3.x frees certain memory that may still be intended for use, which allows local users to cause a denial of service (heap corr… | |||
| CVE-2013-5008 | medium | — | 4.6 | 13y ago | The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across d… | |||
| CVE-2013-4256 | medium | — | 4.6 | 13y ago | Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display … | |||
| CVE-2013-4326 | medium | — | 4.6 | 13y ago | RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess Po… | |||
| CVE-2013-4324 | medium | — | 4.6 | 13y ago | spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by l… | |||
| CVE-2013-4311 | medium | — | 4.6 | 13y ago | libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race c… | |||
| CVE-2013-1066 | medium | — | 4.6 | 13y ago | language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass inte… | |||
| CVE-2013-1065 | medium | — | 4.6 | 13y ago | backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a Po… | |||
| CVE-2013-1064 | medium | — | 4.6 | 13y ago | apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restr… | |||
| CVE-2013-1063 | medium | — | 4.6 | 13y ago | usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass i… | |||
| CVE-2013-1062 | medium | — | 4.6 | 13y ago | ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass in… | |||
| CVE-2013-1061 | medium | — | 4.6 | 13y ago | dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authorit… | |||
| CVE-2013-3467 | medium | — | 4.6 | 13y ago | Memory leak in the CLI component on Cisco Unified Computing System (UCS) 6100 Fabric Interconnect devices, in certain situations that lack a SPAN session, allows local users to cause a denial of serv… | |||
| CVE-2013-4033 | medium | — | 4.6 | 13y ago | IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. | |||
| CVE-2013-3464 | medium | — | 4.6 | 13y ago | Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo … | |||
| CVE-2013-0943 | medium | — | 4.6 | 13y ago | EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain sensitive configuration information by leveraging operating-system privileges to perform decryption with nsradmin. | |||
| CVE-2013-3028 | medium | — | 4.6 | 13y ago | Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x before 7.0.1.11, 7.1.x before 7.1.0.3, and 7.5.x before 7.5.0.2 on non-Windows platforms allow local users to gain privileges via u… | |||
| CVE-2013-2339 | medium | — | 4.6 | 13y ago | HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Client, t410 Smart Zero Client, t510 Flexible Thin Client, t5565z Smart Client, t610 Flexible Thin Client, and t610 PLUS Flexible Th… | |||
| CVE-2013-3927 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging re… | |||
| CVE-2013-3951 | medium | — | 4.6 | 13y ago | sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X 10.8.x does not properly parse the Apple strings employed in the user-space stack-cookie implementation, which allows local users… | |||
| CVE-2013-2119 | medium | — | 4.6 | 13y ago | Phusion Passenger Denial of Service | |||
| CVE-2013-1136 | medium | — | 4.6 | 13y ago | The crypto engine process in Cisco IOS on Aggregation Services Router (ASR) Route Processor 2 does not properly manage memory, which allows local users to cause a denial of service (route processor c… | |||
| CVE-2013-1240 | medium | — | 4.6 | 13y ago | The command-line interface in Cisco Unified Communications Manager (CUCM) does not properly validate input, which allows local users to read arbitrary files via unspecified vectors, aka Bug ID CSCue2… | |||
| CVE-2013-2418 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity… | |||
| CVE-2013-1523 | medium | — | 4.6 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors relate… | |||
| CVE-2013-0977 | medium | — | 4.6 | 13y ago | dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requi… | |||
| CVE-2013-0151 | medium | — | 4.6 | 13y ago | The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the x86_32 platform does not prevent HVM_PARAM_NESTEDHVM (aka nested virtualization) operations, which allows guest OS users to cause … | |||
| CVE-2013-1819 | medium | — | 4.6 | 13y ago | The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and sy… | |||
| CVE-2013-1048 | medium | — | 4.6 | 13y ago | The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not proper… | |||
| CVE-2013-0407 | medium | — | 4.6 | 14y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework. | |||
| CVE-2013-1874 | medium | — | 4.4 | 12y ago | Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. | |||
| CVE-2013-4215 | medium | — | 4.4 | 12y ago | The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping. | |||
| CVE-2013-0296 | medium | — | 4.4 | 12y ago | Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local… | |||
| CVE-2013-6476 | medium | — | 4.4 | 12y ago | The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same… | |||
| CVE-2013-6024 | medium | — | 4.4 | 13y ago | The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.x, and 14.x, BIG-IP Edge Gateway 10.x and 11.x, and FirePass 7.0.0 allow attackers to obtain sensitive information from process memory… | |||
| CVE-2013-3713 | medium | — | 4.4 | 13y ago | The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensiti… | |||
| CVE-2013-5973 | medium | — | 4.4 | 13y ago | VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Serv… | |||
| CVE-2013-6378 | medium | — | 4.4 | 13y ago | The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a… | |||
| CVE-2013-1057 | medium | — | 4.4 | 13y ago | Untrusted search path vulnerability in maas-import-pxe-files in MAAS before 13.10 allows local users to execute arbitrary code via a Trojan horse import_pxe_files configuration file in the current wo… |