Total: 5222 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2013-4661 | 1 Civicrm | 1 Civicrm | 2024-02-28 | 4.9 MEDIUM | N/A | CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intended access restrictions, as demonstrated by accessing custom contribution data without having the "access CiviContribute" permission. |
| CVE-2015-0197 | 1 Ibm | 1 General Parallel File System | 2024-02-28 | 7.2 HIGH | N/A | IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors. |
| CVE-2015-0554 | 1 Adb | 2 P.dga4001n, P.dga4001n Firmware | 2024-02-28 | 9.4 HIGH | N/A | The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. |
| CVE-2014-3124 | 1 Xen | 1 Xen | 2024-02-28 | 6.7 MEDIUM | N/A | The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separate qemu-dm vulnerability to trigger invalid page table translations for unspecified memory page types. |
| CVE-2014-1504 | 4 Mozilla, Opensuse, Oracle and 1 more | 7 Firefox, Seamonkey, Opensuse and 4 more | 2024-02-28 | 2.6 LOW | N/A | The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. |
| CVE-2014-2857 | 1 Gopivotal | 2 Grails, Grails-resources | 2024-02-28 | 5.0 MEDIUM | N/A | The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from CVE-2014-0053 due to different researchers per ADT5. |
| CVE-2014-0899 | 1 Ibm | 1 Aix | 2024-02-28 | 6.5 MEDIUM | N/A | ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands. |
| CVE-2013-7221 | 1 Gnome | 1 Gnome-shell | 2024-02-28 | 4.6 MEDIUM | N/A | The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. |
| CVE-2014-5246 | 1 Tenda | 2 A5s, A5s Firmware | 2024-02-28 | 10.0 HIGH | N/A | The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. |
| CVE-2013-6448 | 1 Redhat | 1 Jboss Seam 2 Framework | 2024-02-28 | 5.0 MEDIUM | N/A | The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors. |
| CVE-2014-0537 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2024-02-28 | 7.5 HIGH | N/A | Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0539. |
| CVE-2014-8558 | 1 Jexperts | 1 Channel Platform | 2024-02-28 | 6.5 MEDIUM | N/A | JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters. |
| CVE-2014-8609 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | N/A | The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824. |
| CVE-2014-4700 | 1 Citrix | 1 Xendesktop | 2024-02-28 | 4.9 MEDIUM | N/A | Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors. |
| CVE-2013-6835 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 5.0 MEDIUM | N/A | TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL. |
| CVE-2014-8610 | 1 Google | 1 Android | 2024-02-28 | 3.3 LOW | N/A | AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795. |
| CVE-2014-0344 | 1 Zohocorp | 1 Manageengine Opstor | 2024-02-28 | 6.5 MEDIUM | N/A | Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter. |
| CVE-2014-0512 | 1 Adobe | 1 Acrobat Reader | 2024-02-28 | 10.0 HIGH | N/A | Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. |
| CVE-2014-0629 | 1 Emc | 1 Documentum Taskspace | 2024-02-28 | 8.5 HIGH | N/A | EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation. |
| CVE-2014-1257 | 1 Apple | 1 Mac Os X | 2024-02-28 | 3.6 LOW | N/A | CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an unattended workstation. |