Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-6160 | 2 Google, Ibm | 3 Chrome, Webseal, Websphere Service Registry And Repository | 2024-02-28 | 2.1 LOW | N/A |
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
CVE-2014-8904 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | 7.2 HIGH | N/A |
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. | |||||
CVE-2014-5174 | 1 Sap | 1 Netweaver Business Warehouse | 2024-02-28 | 3.5 LOW | N/A |
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
CVE-2015-0012 | 1 Microsoft | 1 Virtual Machine Manager | 2024-02-28 | 6.9 MEDIUM | N/A |
Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability." | |||||
CVE-2013-3981 | 1 Ibm | 1 Sametime | 2024-02-28 | 5.0 MEDIUM | N/A |
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. | |||||
CVE-2014-1425 | 2 Canonical, Linuxcontainers | 2 Ubuntu Linux, Cgmanager | 2024-02-28 | 2.1 LOW | N/A |
cgmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors. | |||||
CVE-2014-7156 | 1 Xen | 1 Xen | 2024-02-28 | 3.3 LOW | N/A |
The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. | |||||
CVE-2014-6256 | 1 Zenoss | 1 Zenoss Core | 2024-02-28 | 7.5 HIGH | N/A |
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386. | |||||
CVE-2014-3038 | 1 Ibm | 1 Spss Modeler | 2024-02-28 | 3.6 LOW | N/A |
IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop group privileges, which allows local users to bypass intended file-access restrictions by leveraging (1) gid 0 or (2) root's group memberships. | |||||
CVE-2014-8823 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.7 MEDIUM | N/A |
The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument. | |||||
CVE-2011-1836 | 1 Ecryptfs | 2 Ecryptfs-utils, Ecryptfs Utils | 2024-02-28 | 4.6 MEDIUM | N/A |
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard filesystem operations during the recovery process. | |||||
CVE-2013-5356 | 1 Sharetronix | 1 Sharetronix | 2024-02-28 | 7.5 HIGH | N/A |
Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict access to unspecified AJAX functionality, which allows remote attackers to bypass authentication via unknown vectors. | |||||
CVE-2014-3133 | 1 Sap | 1 Netweaver Java Application Server | 2024-02-28 | 5.0 MEDIUM | N/A |
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection. | |||||
CVE-2011-2514 | 1 Redhat | 2 Icedtea-web, Icedtea6 | 2024-02-28 | 6.8 MEDIUM | N/A |
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted. | |||||
CVE-2014-1993 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.0 MEDIUM | N/A |
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | |||||
CVE-2013-4406 | 1 Quick Tabs Module Project | 1 Quicktabs | 2024-02-28 | 5.0 MEDIUM | N/A |
The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitive information by reading a Quick Tab. | |||||
CVE-2014-1381 | 1 Apple | 1 Mac Os X | 2024-02-28 | 10.0 HIGH | N/A |
Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call. | |||||
CVE-2014-1977 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2024-02-28 | 4.3 MEDIUM | N/A |
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application. | |||||
CVE-2013-7364 | 1 Sap | 1 Netweaver | 2024-02-28 | 7.5 HIGH | N/A |
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | |||||
CVE-2014-8734 | 1 Drupal | 1 Organic Groups Menu | 2024-02-28 | 3.5 LOW | N/A |
The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors. |