Note:
This project will be discontinued after December 13, 2021. [more]
Main entries ~3682 :
Remaining NVD entries (unprocessed / no code available): ~267753 :
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2013-05-03 | CVE-2013-1979 | The scm_set_cred function in include/net/scm.h in the Linux kernel before 3.8.11 uses incorrect uid and gid values during credentials passing, which allows local users to gain privileges via a crafted application. | Linux_kernel | N/A | ||
| 2014-02-05 | CVE-2013-1967 | Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter. | Mediaelement\.js, Owncloud | N/A | ||
| 2013-05-03 | CVE-2013-1959 | kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process. | Linux_kernel | N/A | ||
| 2013-04-24 | CVE-2013-1958 | The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, which allows local users to bypass intended access restrictions by leveraging the time interval during which a user namespace has been created but a PID namespace has not been created. | Linux_kernel | N/A | ||
| 2013-04-24 | CVE-2013-1957 | The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only property of a filesystem by leveraging a separate mount namespace. | Linux_kernel | N/A | ||
| 2013-04-24 | CVE-2013-1956 | The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows local users to bypass intended filesystem restrictions via a crafted clone system call. | Linux_kernel | N/A | ||
| 2013-04-29 | CVE-2013-1944 | The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. | Ubuntu_linux, Curl, Libcurl | N/A |
| Date | Id | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2024-11-29 | CVE-2024-45495 | MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. | N/A | N/A | |
| 2024-11-29 | CVE-2024-35451 | LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. | N/A | N/A | |
| 2024-11-29 | CVE-2024-48651 | In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. | N/A | N/A | |
| 2024-11-29 | CVE-2024-54123 | Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format. | N/A | N/A | |
| 2024-11-29 | CVE-2024-54124 | In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen. | N/A | N/A | |
| 2024-11-29 | CVE-2024-11978 | DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | N/A | 7.5 | |
| 2024-11-29 | CVE-2024-11979 | DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | N/A | 9.8 |