Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3514 | 1 Rubyonrails | 1 Rails | 2024-02-28 | 7.5 HIGH | N/A |
activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls. | |||||
CVE-2013-5371 | 1 Ibm | 1 Tivoli Storage Manager | 2024-02-28 | 2.1 LOW | N/A |
The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on Windows does not preserve permissions of Resilient File System (ReFS) files across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. | |||||
CVE-2014-0731 | 1 Cisco | 1 Unified Communications Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497. | |||||
CVE-2013-6666 | 1 Google | 1 Chrome | 2024-02-28 | 5.8 MEDIUM | N/A |
The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header. | |||||
CVE-2014-1764 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 10.0 HIGH | N/A |
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. | |||||
CVE-2015-2075 | 1 Sap | 1 Businessobjects Edge | 2024-02-28 | 5.0 MEDIUM | N/A |
SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | |||||
CVE-2012-6657 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2024-02-28 | 4.9 MEDIUM | N/A |
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket. | |||||
CVE-2014-0833 | 1 Ibm | 1 Financial Transaction Manager | 2024-02-28 | 5.5 MEDIUM | N/A |
The OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 does not properly enforce operator-intervention requirements, which allows remote authenticated users to bypass intended access restrictions via an unspecified process step. | |||||
CVE-2014-1552 | 1 Mozilla | 2 Firefox, Thunderbird | 2024-02-28 | 5.8 MEDIUM | N/A |
Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect. | |||||
CVE-2015-0662 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-02-28 | 7.2 HIGH | N/A |
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385. | |||||
CVE-2014-4793 | 1 Ibm | 1 Websphere Mq | 2024-02-28 | 6.5 MEDIUM | N/A |
IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors. | |||||
CVE-2014-1424 | 2 Canonical, Ubuntu | 2 Ubuntu, Apparmor | 2024-02-28 | 6.4 MEDIUM | N/A |
apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw." | |||||
CVE-2013-2043 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 4.0 MEDIUM | N/A |
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter. | |||||
CVE-2014-0112 | 1 Apache | 1 Struts | 2024-02-28 | 7.5 HIGH | N/A |
ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. | |||||
CVE-2014-6177 | 1 Ibm | 1 Websphere Service Registry And Repository | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
CVE-2015-0002 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2024-02-28 | 7.2 HIGH | N/A |
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability." | |||||
CVE-2013-7330 | 1 Jenkins | 1 Jenkins | 2024-02-28 | 4.0 MEDIUM | N/A |
Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | |||||
CVE-2014-6414 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2024-02-28 | 4.0 MEDIUM | N/A |
OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | |||||
CVE-2014-0672 | 1 Cisco | 1 Mediasense | 2024-02-28 | 4.0 MEDIUM | N/A |
The Search and Play interface in Cisco MediaSense does not properly enforce authorization requirements, which allows remote authenticated users to download arbitrary recordings via a request to this interface. | |||||
CVE-2011-5319 | 1 Google | 1 Chrome | 2024-02-28 | 5.0 MEDIUM | N/A |
content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231. |