Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-5037 | 1 Cisco | 3 Catalyst 6500, Catalyst 7600, Ios | 2024-02-28 | 4.6 MEDIUM | N/A |
The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133. | |||||
CVE-2012-6108 | 1 Hp | 1 Linux Imaging And Printing Project | 2024-02-28 | 2.1 LOW | N/A |
HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations. | |||||
CVE-2014-0012 | 1 Pocoo | 1 Jinja2 | 2024-02-28 | 4.4 MEDIUM | N/A |
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1402. | |||||
CVE-2015-1646 | 1 Microsoft | 1 Xml Core Services | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability." | |||||
CVE-2014-8419 | 1 Wibu | 1 Codemeter Runtime | 2024-02-28 | 7.2 HIGH | N/A |
Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. | |||||
CVE-2014-1960 | 1 Sap | 2 Netweaver, Netweaver Solution Manager | 2024-02-28 | 5.0 MEDIUM | N/A |
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2014-3684 | 1 Adaptivecomputing | 1 Torque Resource Manager | 2024-02-28 | 6.8 MEDIUM | N/A |
The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 5.0.x, 4.5.x, 4.2.x, and earlier does not validate that the owner of the process also owns the adopted session id, which allows remote authenticated users to kill arbitrary processes via a crafted executable. | |||||
CVE-2014-3350 | 1 Cisco | 1 Cloud Portal | 2024-02-28 | 4.0 MEDIUM | N/A |
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870. | |||||
CVE-2014-2126 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-02-28 | 8.5 HIGH | N/A |
Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496. | |||||
CVE-2014-1265 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2024-02-28 | 4.6 MEDIUM | N/A |
The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. | |||||
CVE-2014-1352 | 1 Apple | 1 Iphone Os | 2024-02-28 | 1.9 LOW | N/A |
Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors. | |||||
CVE-2014-6289 | 2 Daniel Lienert, Michael Knoll | 2 Yet Another Gallery, Tools For Extbase Developmen | 2024-02-28 | 7.5 HIGH | N/A |
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors. | |||||
CVE-2015-0801 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | 7.5 HIGH | N/A |
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. | |||||
CVE-2013-6770 | 2 Google, Koushik Dutta | 2 Android, Superuser | 2024-02-28 | 7.6 HIGH | N/A |
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows attackers to gain privileges by leveraging ADB shell access and a certain Linux UID, and then creating a Trojan horse script. | |||||
CVE-2014-6043 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2024-02-28 | 6.5 MEDIUM | N/A |
ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000. | |||||
CVE-2014-1986 | 1 Kokuyo | 1 Camiapp | 2024-02-28 | 5.8 MEDIUM | N/A |
The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application. | |||||
CVE-2015-0073 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-02-28 | 7.2 HIGH | N/A |
The Windows Registry Virtualization feature in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict changes to virtual stores, which allows local users to gain privileges via a crafted application, aka "Registry Virtualization Elevation of Privilege Vulnerability." | |||||
CVE-2014-0858 | 1 Ibm | 1 Content Navigator | 2024-02-28 | 3.5 LOW | N/A |
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL. | |||||
CVE-2014-9249 | 1 Zenoss | 1 Zenoss Core | 2024-02-28 | 7.5 HIGH | N/A |
The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. | |||||
CVE-2015-1643 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-02-28 | 7.2 HIGH | N/A |
Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability." |