Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8027 | 1 Cisco | 1 Secure Access Control System | 2024-02-28 | 6.5 MEDIUM | N/A |
| The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. | |||||
| CVE-2014-2349 | 1 Emerson | 1 Deltav | 2024-02-28 | 4.6 MEDIUM | N/A |
| Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration files by leveraging engineering-level privileges. | |||||
| CVE-2013-1069 | 1 Ubuntu | 1 Metal As A Service | 2024-02-28 | 2.1 LOW | N/A |
| Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file. | |||||
| CVE-2014-0719 | 1 Cisco | 1 Ips Sensor Software | 2024-02-28 | 7.8 HIGH | N/A |
| The control-plane access-list implementation in Cisco IPS Software before 7.1(8p2)E4 and 7.2 before 7.2(2)E4 allows remote attackers to cause a denial of service (MainApp process outage) via crafted packets to TCP port 7000, aka Bug ID CSCui67394. | |||||
| CVE-2015-1499 | 1 Samsung | 1 Samsung Security Manager | 2024-02-28 | 8.5 HIGH | N/A |
| The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | |||||
| CVE-2014-9135 | 1 Huawei | 2 P7-l10, P7-l10 Firmware | 2024-02-28 | 4.3 MEDIUM | N/A |
| The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted package. | |||||
| CVE-2013-4504 | 2 Drupal, Monster Menus Module Project | 2 Drupal, Monster Menus | 2024-02-28 | 2.6 LOW | N/A |
| The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. | |||||
| CVE-2014-0839 | 1 Ibm | 1 Rational Focal Point | 2024-02-28 | 4.0 MEDIUM | N/A |
| IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x before 6.6.1 allows remote authenticated users to modify data via vectors involving a direct object reference. | |||||
| CVE-2013-4501 | 1 Quiz Module Project | 1 Quiz | 2024-02-28 | 5.0 MEDIUM | N/A |
| The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors. | |||||
| CVE-2014-7832 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | N/A |
| mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance. | |||||
| CVE-2013-6744 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-02-28 | 8.5 HIGH | N/A |
| The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority. | |||||
| CVE-2014-2321 | 1 Zte | 2 F460, F660 | 2024-02-28 | 10.0 HIGH | N/A |
| web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. | |||||
| CVE-2014-2573 | 1 Openstack | 1 Compute | 2024-02-28 | 2.3 LOW | N/A |
| The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by requesting the VM be put into rescue and then deleting the image. | |||||
| CVE-2014-4790 | 1 Ibm | 2 Emptoris Sourcing Portfolio, Emptoris Spend Analysis | 2024-02-28 | 4.9 MEDIUM | N/A |
| IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before 10.0.0.1, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 and Emptoris Spend Analysis 9.5.x before 9.5.0.4, 10.0.1.x before 10.0.1.3, and 10.0.2.x before 10.0.2.4 do not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue. | |||||
| CVE-2013-2047 | 1 Owncloud | 1 Owncloud | 2024-02-28 | 2.1 LOW | N/A |
| The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password. | |||||
| CVE-2015-3336 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2024-02-28 | 4.3 MEDIUM | N/A |
| Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL. | |||||
| CVE-2015-0149 | 1 Ibm | 1 Api Management | 2024-02-28 | 5.5 MEDIUM | N/A |
| The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls. | |||||
| CVE-2014-4749 | 1 Ibm | 1 Powervc | 2024-02-28 | 4.3 MEDIUM | N/A |
| IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key. | |||||
| CVE-2015-1029 | 1 Puppet | 2 Puppet Enterprise, Stdlib | 2024-02-28 | 6.5 MEDIUM | N/A |
| The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache. | |||||
| CVE-2014-1347 | 1 Apple | 2 Itunes, Mac Os X | 2024-02-28 | 4.4 MEDIUM | N/A |
| Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary user accounts, via standard filesystem operations. | |||||