Total: 5226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2014-8540 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM | The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks. |
CVE-2014-9262 | 1 Snapcreek | 1 Duplicator | 2024-02-28 | 5.5 MEDIUM | 8.2 HIGH | The Duplicator plugin in WordPress before 0.5.10 allows remote authenticated users to create and download backup files. |
CVE-2015-4650 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. |
CVE-2016-0327 | 1 Ibm | 1 Security Identity Manager Virtual Appliance | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows local users to gain administrator privileges via unspecified vectors. IBM X-Force ID: 111643. |
CVE-2016-5007 | 2 Pivotal Software, Vmware | 3 Spring Framework, Spring Framework, Spring Security | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each of Spring Security and the Spring Framework can easily be customized, creating additional differences. |
CVE-2016-9984 | 1 Ibm | 1 Maximo Asset Management | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. |
CVE-2015-1591 | 1 Kamailio | 1 Kamailio | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH | The kamailio build process in kamailio before 4.2.0-2 allows local users to gain privileges. |
CVE-2016-3051 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM | IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714. |
CVE-2015-7875 | 1 Chaos Tool Suite Project | 1 Ctools | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH | ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page. |
CVE-2014-0073 | 1 Apache | 2 Cordova, Cordova In-app-browser | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI. |
CVE-2016-10398 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 6.2 MEDIUM | Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. |
CVE-2015-3222 | 1 Ossec | 1 Ossec | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH | syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. |
CVE-2015-1590 | 1 Kamailio | 1 Kamailio | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH | The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. |
CVE-2015-4523 | 1 Symantec | 2 Malware Analysis Appliance, Malware Analyzer G2 | 2024-02-28 | 9.0 HIGH | 9.3 CRITICAL | Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis. |
CVE-2015-3321 | 1 Lenovo | 1 Fingerprint Manager | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM | Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. |
CVE-2016-4471 | 1 Redhat | 1 Cloudforms | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH | ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. |
CVE-2014-8428 | 1 Barracuda | 1 Load Balancer | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL | Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. |
CVE-2015-7359 | 4 Ciphershed, Idrix, Microsoft and 1 more | 4 Ciphershed, Veracrypt, Windows and 1 more | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH | The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes. |
CVE-2015-0296 | 2 Fedoraproject, Tug | 2 Fedora, Texlive | 2024-02-28 | 1.2 LOW | 4.7 MEDIUM | The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. |
CVE-2016-8228 | 1 Lenovo | 1 Lenovo Service Bridge | 2024-02-28 | 7.2 HIGH | 7.8 HIGH | In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. |