Total
1430 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-0889 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2023-12-10 | 6.8 MEDIUM | N/A |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. | |||||
CVE-2012-1342 | 1 Cisco | 1 Carrier Routing System | 2023-12-10 | 5.0 MEDIUM | 5.8 MEDIUM |
Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. | |||||
CVE-2013-0543 | 4 Hp, Ibm, Linux and 1 more | 4 Hp-ux, Websphere Application Server, Linux Kernel and 1 more | 2023-12-10 | 6.8 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2013-6926 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2023-12-10 | 8.0 HIGH | N/A |
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account. | |||||
CVE-2010-2965 | 2 Rockwellautomation, Windriver | 3 1756-enbt\/a, 1756-enbt\/a Firmware, Vxworks | 2023-12-10 | 10.0 HIGH | N/A |
The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and earlier, as used on the Rockwell Automation 1756-ENBT series A with firmware 3.2.6 and 3.6.1 and other products, allows remote attackers to read or modify arbitrary memory locations, perform function calls, or manage tasks via requests to UDP port 17185, a related issue to CVE-2005-3804. | |||||
CVE-2011-1207 | 1 Ibm | 1 Rational System Architect | 2023-12-10 | 9.3 HIGH | N/A |
The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-1123 | 1 Google | 1 Chrome | 2023-12-10 | 7.5 HIGH | N/A |
Google Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors. | |||||
CVE-2010-4296 | 3 Apple, Linux, Vmware | 6 Mac Os X, Linux Kernel, Fusion and 3 more | 2023-12-10 | 7.2 HIGH | N/A |
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files. | |||||
CVE-2007-2586 | 1 Cisco | 1 Ios | 2023-12-10 | 9.3 HIGH | N/A |
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259. | |||||
CVE-2005-2136 | 1 Raritan | 10 Dominion Sx16, Dominion Sx16 Firmware, Dominion Sx32 and 7 more | 2023-12-10 | 4.6 MEDIUM | N/A |
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users. |