Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-4078 | 1 Microsoft | 1 Internet Information Services | 2024-02-28 | 5.1 MEDIUM | N/A |
The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability." | |||||
CVE-2013-7374 | 1 Canonical | 1 Ubuntu Linux | 2024-02-28 | 4.6 MEDIUM | N/A |
The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date. | |||||
CVE-2014-1476 | 1 Drupal | 1 Drupal | 2024-02-28 | 4.0 MEDIUM | N/A |
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page. | |||||
CVE-2014-7998 | 1 Cisco | 21 Aironet 1040, Aironet 1140, Aironet 1260 and 18 more | 2024-02-28 | 7.1 HIGH | N/A |
Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. | |||||
CVE-2014-3006 | 1 Sitepark | 1 Information Enterprise Server | 2024-02-28 | 6.8 MEDIUM | N/A |
Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/. | |||||
CVE-2013-6433 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2024-02-28 | 7.6 HIGH | N/A |
The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file. | |||||
CVE-2014-1501 | 4 Google, Mozilla, Oracle and 1 more | 6 Android, Firefox, Solaris and 3 more | 2024-02-28 | 5.8 MEDIUM | N/A |
Mozilla Firefox before 28.0 on Android allows remote attackers to bypass the Same Origin Policy and access arbitrary file: URLs via vectors involving the "Open Link in New Tab" menu selection. | |||||
CVE-2015-0227 | 1 Apache | 1 Wss4j | 2024-02-28 | 5.0 MEDIUM | N/A |
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks." | |||||
CVE-2015-0816 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js. | |||||
CVE-2014-4629 | 1 Emc | 1 Documentum Content Server | 2024-02-28 | 9.0 HIGH | N/A |
EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before SP2 P19 allows remote authenticated users to read or delete arbitrary files via unspecified vectors related to an insecure direct object reference. | |||||
CVE-2014-0816 | 1 Norman | 1 Security Suite | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors. | |||||
CVE-2014-0548 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2024-02-28 | 7.5 HIGH | N/A |
Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
CVE-2014-2629 | 1 Hp | 1 Nonstop Safeguard Security | 2024-02-28 | 4.0 MEDIUM | N/A |
HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on program access via vectors related to process-creation time. | |||||
CVE-2013-4597 | 1 Rik De Boer | 1 Revisioning | 2024-02-28 | 4.0 MEDIUM | N/A |
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
CVE-2013-6796 | 1 Deeproot Linux | 1 Deepofix | 2024-02-28 | 5.0 MEDIUM | N/A |
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind. | |||||
CVE-2015-0059 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2024-02-28 | 6.9 MEDIUM | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted TrueType font, aka "TrueType Font Parsing Remote Code Execution Vulnerability." | |||||
CVE-2015-3335 | 2 Google, Opensuse | 2 Chrome, Opensuse | 2024-02-28 | 7.5 HIGH | N/A |
The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox. | |||||
CVE-2014-2084 | 1 Skyboxsecurity | 2 Skybox View Appliance, Skybox View Appliance Iso | 2024-02-28 | 8.5 HIGH | N/A |
Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown. | |||||
CVE-2011-0993 | 1 Novell | 1 Suse Lifecycle Management Server | 2024-02-28 | 2.1 LOW | N/A |
SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-3083 | 1 Ibm | 1 Websphere Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors. |