Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1996 | 1 Cybozu | 1 Garoon | 2024-02-28 | 7.5 HIGH | N/A |
| Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. | |||||
| CVE-2011-5275 | 1 Gplhost | 1 Domain Technologie Control | 2024-02-28 | 7.5 HIGH | N/A |
| The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges. | |||||
| CVE-2014-8651 | 1 Kde | 2 Kde-workspace, Plasma-desktop | 2024-02-28 | 7.2 HIGH | N/A |
| The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument. | |||||
| CVE-2013-6727 | 1 Ibm | 1 Sametime | 2024-02-28 | 5.0 MEDIUM | N/A |
| The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-2746 | 1 Tigase | 1 Tigase | 2024-02-28 | 7.8 HIGH | N/A |
| net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2015-0011 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-02-28 | 4.7 MEDIUM | N/A |
| mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability." | |||||
| CVE-2014-4431 | 1 Apple | 1 Mac Os X | 2024-02-28 | 2.1 LOW | N/A |
| Dock in Apple OS X before 10.10 does not properly manage the screen-lock state, which allows physically proximate attackers to view windows by leveraging an unattended workstation. | |||||
| CVE-2015-1498 | 1 Persistent Systems | 1 Radia Client Automation | 2024-02-28 | 10.0 HIGH | N/A |
| Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact. | |||||
| CVE-2014-7911 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | N/A |
| luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. | |||||
| CVE-2014-0630 | 1 Emc | 1 Documentum Taskspace | 2024-02-28 | 4.0 MEDIUM | N/A |
| EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. | |||||
| CVE-2015-1170 | 1 Nvidia | 4 Gpu Driver R304, Gpu Driver R340, Gpu Driver R343 and 1 more | 2024-02-28 | 7.2 HIGH | N/A |
| The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," which allows local users to gain administrator privileges via unspecified API calls. | |||||
| CVE-2015-2828 | 1 Broadcom | 1 Spectrum | 2024-02-28 | 9.0 HIGH | N/A |
| CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | |||||
| CVE-2014-5015 | 2 Eterna, Netbsd | 2 Bozohttpd, Netbsd | 2024-02-28 | 5.0 MEDIUM | N/A |
| bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path. | |||||
| CVE-2014-0908 | 1 Ibm | 1 Business Process Manager | 2024-02-28 | 6.0 MEDIUM | N/A |
| The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls. | |||||
| CVE-2014-3849 | 1 Imember360 | 1 Imember360 | 2024-02-28 | 4.3 MEDIUM | N/A |
| The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter. | |||||
| CVE-2014-4451 | 1 Apple | 1 Iphone Os | 2024-02-28 | 7.2 HIGH | N/A |
| Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | |||||
| CVE-2013-0296 | 1 Zlib | 1 Pigz | 2024-02-28 | 4.4 MEDIUM | N/A |
| Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring. | |||||
| CVE-2014-8988 | 1 Mantisbt | 1 Mantisbt | 2024-02-28 | 4.0 MEDIUM | N/A |
| MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL. | |||||
| CVE-2013-7068 | 1 Organic Groups Project | 1 Organic Groups | 2024-02-28 | 4.9 MEDIUM | N/A |
| The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field. | |||||
| CVE-2014-0514 | 1 Adobe | 1 Adobe Reader | 2024-02-28 | 9.3 HIGH | N/A |
| The Adobe Reader Mobile application before 11.2 for Android does not properly restrict use of JavaScript, which allows remote attackers to execute arbitrary code via a crafted PDF document, a related issue to CVE-2012-6636. | |||||