Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6714 | 1 Ibm | 1 Tivoli Storage Flashcopy Manager | 2024-02-28 | 4.1 MEDIUM | N/A |
| The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions. | |||||
| CVE-2014-0972 | 1 Codeaurora | 1 Android-msm | 2024-02-28 | 7.2 HIGH | N/A |
| The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register. | |||||
| CVE-2014-3790 | 1 Vmware | 1 Vcenter Server Appliance | 2024-02-28 | 9.0 HIGH | N/A |
| Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. | |||||
| CVE-2015-2150 | 3 Linux, Ubuntu, Xen | 3 Linux Kernel, Ubuntu, Xen | 2024-02-28 | 4.9 MEDIUM | N/A |
| Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response. | |||||
| CVE-2015-0951 | 1 Qualiteam | 1 X-cart | 2024-02-28 | 6.5 MEDIUM | N/A |
| X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. | |||||
| CVE-2014-7828 | 1 Freeipa | 1 Freeipa | 2024-02-28 | 3.5 LOW | N/A |
| FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind. | |||||
| CVE-2015-1593 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 5.0 MEDIUM | N/A |
| The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. | |||||
| CVE-2015-3435 | 1 Samsung | 1 Samsung Security Manager | 2024-02-28 | 10.0 HIGH | N/A |
| Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. | |||||
| CVE-2014-1978 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2024-02-28 | 4.3 MEDIUM | N/A |
| The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2013-6730 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 4.3 MEDIUM | N/A |
| IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results. | |||||
| CVE-2014-8413 | 1 Digium | 1 Asterisk | 2024-02-28 | 7.5 HIGH | N/A |
| The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs defined in pjsip.conf at startup, which allows remote attackers to bypass intended PJSIP ACL rules. | |||||
| CVE-2015-0528 | 1 Emc | 1 Isilon Onefs | 2024-02-28 | 7.2 HIGH | N/A |
| The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files. | |||||
| CVE-2013-4177 | 2 Drupal, Google Authenticator Login Project | 2 Drupal, Ga Login | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-factor authentication requirement via unspecified vectors. | |||||
| CVE-2015-0223 | 1 Apache | 1 Qpid | 2024-02-28 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. | |||||
| CVE-2013-6412 | 1 Augeas | 1 Augeas | 2024-02-28 | 4.6 MEDIUM | N/A |
| The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors. | |||||
| CVE-2014-4626 | 1 Emc | 1 Documentum Content Server | 2024-02-28 | 9.0 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515. | |||||
| CVE-2014-9675 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-02-28 | 5.0 MEDIUM | N/A |
| bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font. | |||||
| CVE-2014-5286 | 1 Tibco | 3 Activematrix Management Agent, Activematrix Policy Agent, Activematrix Policy Manager | 2024-02-28 | 6.4 MEDIUM | N/A |
| The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2011-2500 | 1 Linux-nfs | 1 Nfs-utils | 2024-02-28 | 7.5 HIGH | N/A |
| The host_reliable_addrinfo function in support/export/hostname.c in nfs-utils before 1.2.4 does not properly use DNS to verify access to NFS exports, which allows remote attackers to mount filesystems by establishing crafted DNS A and PTR records. | |||||
| CVE-2014-9304 | 1 Plex | 1 Media Server | 2024-02-28 | 7.5 HIGH | N/A |
| Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server. | |||||