Search Results (9574 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6886 3 Apple, Linux, Realvnc 3 Mac Os X, Linux Kernel, Realvnc 2025-04-11 N/A
RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper.
CVE-2013-6918 1 Satechi 1 Smart Travel Router 2025-04-11 N/A
The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests.
CVE-2013-6945 1 Osehra 1 Vista 2025-04-11 N/A
The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records via unspecified vectors related to a "logic flaw."
CVE-2013-6949 1 Belkin 1 Wemo Home Automation Firmware 2025-04-11 N/A
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact by leveraging access to a single WeMo device.
CVE-2013-6955 1 Synology 1 Diskstation Manager 2025-04-11 N/A
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.
CVE-2013-6964 1 Cisco 1 Webex Meeting Center 2025-04-11 N/A
Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.
CVE-2013-6965 1 Cisco 1 Webex Training Center 2025-04-11 N/A
The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183.
CVE-2013-7042 1 Novell 1 Suse Lifecycle Management Server 2025-04-11 N/A
SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses world-readable permissions for the secret keys, which allows local users to gain privileges via unspecified vectors.
CVE-2023-39520 1 Cryptomator 1 Cryptomator 2025-04-10 5.5 Medium
Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround.
CVE-2024-33552 1 8theme 1 Xstore Core 2025-04-10 9.8 Critical
Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8.
CVE-2024-36046 1 Infoblox 1 Nios 2025-04-10 9.8 Critical
Infoblox NIOS through 8.6.4 executes with more privileges than required.
CVE-2023-41243 1 Wpvivid 1 Migration\, Backup\, Staging 2025-04-10 8.8 High
Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through 0.9.90.
CVE-2022-41290 1 Ibm 2 Aix, Vios 2025-04-10 8.4 High
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690.
CVE-2023-25834 1 Esri 1 Portal For Arcgis 2025-04-10 5.4 Medium
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
CVE-2022-4808 1 Usememos 1 Memos 2025-04-10 8.8 High
Improper Privilege Management in GitHub repository usememos/memos prior to 0.9.1.
CVE-2024-21141 1 Oracle 1 Vm Virtualbox 2025-04-10 8.2 High
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
CVE-2022-43535 2 Arubanetworks, Microsoft 2 Clearpass Policy Manager, Windows 2025-04-10 7.8 High
A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
CVE-2022-43534 2 Arubanetworks, Linux 2 Clearpass Policy Manager, Linux Kernel 2025-04-10 7.8 High
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
CVE-2022-43533 2 Apple, Arubanetworks 2 Macos, Clearpass Policy Manager 2025-04-10 7.8 High
A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below.
CVE-2022-4687 1 Usememos 1 Memos 2025-04-09 8.1 High
Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0.