Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9646 | 1 Google | 1 Chrome | 2024-02-28 | 4.6 MEDIUM | N/A |
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205. | |||||
CVE-2014-0539 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2024-02-28 | 7.5 HIGH | N/A |
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537. | |||||
CVE-2013-6990 | 1 Fortinet | 1 Fortiauthenticator | 2024-02-28 | 9.0 HIGH | N/A |
FortiGuard FortiAuthenticator before 3.0 allows remote administrators to gain privileges via the command line interface. | |||||
CVE-2015-2152 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2024-02-28 | 1.9 LOW | N/A |
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. | |||||
CVE-2013-2974 | 1 Ibm | 1 Tivoli Application Dependency Discovery Manager | 2024-02-28 | 7.5 HIGH | N/A |
The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.1.x before 7.2.1.5 allows remote authenticated users to bypass authorization checks and obtain report-administration privileges, and consequently create or delete reports or conduct SQL injection attacks, via crafted parameters to the BIRT reporting URL. | |||||
CVE-2014-0018 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server | 2024-02-28 | 1.9 LOW | N/A |
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment. | |||||
CVE-2014-3617 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum. | |||||
CVE-2013-7383 | 1 X2go | 1 X2go Server | 2024-02-28 | 9.0 HIGH | N/A |
x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before 4.0.1.10 allows remote authenticated users to gain privileges via unspecified vectors, possibly related to backticks. | |||||
CVE-2013-4429 | 1 Mahara | 1 Mahara | 2024-02-28 | 4.0 MEDIUM | N/A |
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefact id in an upload action when creating a journal or (2) instconf_artefactid_selected[ID] parameter in an upload action when editing a block. | |||||
CVE-2013-6434 | 1 Redhat | 1 Enterprise Virtualization Manager | 2024-02-28 | 4.3 MEDIUM | N/A |
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server. | |||||
CVE-2011-1832 | 1 Ecryptfs | 2 Ecryptfs-utils, Ecryptfs Utils | 2024-02-28 | 2.1 LOW | N/A |
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call. | |||||
CVE-2013-0345 | 1 Varnish Cache Project | 1 Varnish Cache | 2024-02-28 | 2.1 LOW | N/A |
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information. | |||||
CVE-2014-1819 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-02-28 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly control access to objects associated with font files, which allows local users to gain privileges via a crafted file, aka "Font Double-Fetch Vulnerability." | |||||
CVE-2013-6734 | 1 Ibm | 1 Websphere Extreme Scale Client | 2024-02-28 | 3.5 LOW | N/A |
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container. | |||||
CVE-2014-0649 | 1 Cisco | 1 Secure Access Control System | 2024-02-28 | 9.0 HIGH | N/A |
The RMI interface in Cisco Secure Access Control System (ACS) 5.x before 5.5 does not properly enforce authorization requirements, which allows remote authenticated users to obtain superadmin access via a request to this interface, aka Bug ID CSCud75180. | |||||
CVE-2014-0187 | 3 Canonical, Openstack, Opensuse | 3 Ubuntu Linux, Neutron, Opensuse | 2024-02-28 | 9.0 HIGH | N/A |
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. | |||||
CVE-2014-1649 | 1 Symantec | 1 Workspace Streaming | 2024-02-28 | 7.9 HIGH | N/A |
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | |||||
CVE-2014-0124 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module. | |||||
CVE-2013-4273 | 1 Entity Api Project | 1 Entity Api | 2024-02-28 | 4.0 MEDIUM | N/A |
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector. | |||||
CVE-2012-5498 | 1 Plone | 1 Plone | 2024-02-28 | 5.0 MEDIUM | N/A |
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. |