Export limit exceeded: 365287 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9581 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0969 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Login Window in Apple Mac OS X before 10.8.3 does not prevent application launching with the VoiceOver feature, which allows physically proximate attackers to bypass authentication and make arbitrary System Preferences changes via unspecified use of the keyboard. | ||||
| CVE-2013-0979 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly consider file types during the permission-setting step of a backup restoration, which allows local users to change the permissions of arbitrary files via a backup that contains a pathname with a symlink. | ||||
| CVE-2013-0980 | 1 Apple | 1 Iphone Os | 2025-04-11 | N/A |
| The Passcode Lock implementation in Apple iOS before 6.1.3 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging an error in the emergency-call feature. | ||||
| CVE-2013-0990 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-11 | N/A |
| SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors. | ||||
| CVE-2013-1027 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package. | ||||
| CVE-2013-1031 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Power Management in Apple Mac OS X before 10.8.5 does not properly perform locking upon occurrences of a power assertion, which allows physically proximate attackers to bypass intended access restrictions by visiting an unattended workstation on which a locking failure had prevented the startup of the screen saver. | ||||
| CVE-2013-1033 | 1 Apple | 1 Mac Os X | 2025-04-11 | N/A |
| Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access. | ||||
| CVE-2013-1048 | 1 Debian | 1 Apache2 | 2025-04-11 | N/A |
| The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack. | ||||
| CVE-2013-1050 | 1 Gnome | 1 Gnome Screensaver | 2025-04-11 | N/A |
| The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after login and allows physically proximate attackers to bypass screen locking and access an unattended workstation. | ||||
| CVE-2013-1052 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | N/A |
| pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo. | ||||
| CVE-2013-1060 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | N/A |
| A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the ~buildd directory and consequently reads the system configuration file from the ~buildd directory, which allows local users to gain privileges by leveraging control over the buildd account. | ||||
| CVE-2013-1061 | 2 Canonical, Marc Deslauriers | 2 Ubuntu Linux, Software-properties | 2025-04-11 | N/A |
| dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
| CVE-2013-1062 | 2 Canonical, Michael Vogt | 2 Ubuntu Linux, Ubuntu-system-service | 2025-04-11 | N/A |
| ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
| CVE-2013-1063 | 2 Canonical, Evan Dandrea | 2 Ubuntu Linux, Usb-creator | 2025-04-11 | N/A |
| usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
| CVE-2013-1064 | 1 Canonical | 2 Apt-xapian-index, Ubuntu Linux | 2025-04-11 | N/A |
| apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
| CVE-2013-1065 | 2 Canonical, Martin Pitt | 2 Ubuntu Linux, Jockey | 2025-04-11 | N/A |
| backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
| CVE-2013-1066 | 2 Canonical, Ubuntu Developers | 2 Ubuntu Linux, Language-selector | 2025-04-11 | N/A |
| language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. | ||||
| CVE-2013-1067 | 1 Canonical | 1 Ubuntu Linux | 2025-04-11 | N/A |
| Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2013-1069 | 1 Ubuntu | 1 Metal As A Service | 2025-04-11 | N/A |
| Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file. | ||||
| CVE-2013-1090 | 1 Opensuse | 1 Opensuse | 2025-04-11 | N/A |
| The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership for certain configuration files and directories including /etc/apache2/vhosts.d, which allows local wwwrun users to gain privileges via unspecified vectors. | ||||