Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-2563 | 1 Mambo-foundation | 1 Mambo Cms | 2024-02-28 | 2.1 LOW | N/A |
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. | |||||
CVE-2014-0200 | 1 Redhat | 1 Rhevm-reports | 2024-02-28 | 2.1 LOW | N/A |
The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows local users to obtain sensitive information by reading the file. | |||||
CVE-2014-8418 | 1 Digium | 2 Asterisk, Certified Asterisk | 2024-02-28 | 9.0 HIGH | N/A |
The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, 11.x before 11.1.4.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8 before 1.8.28-cert8 and 11.6 before 11.6-cert8 allows remote authenticated users to gain privileges via a call from an external protocol, as demonstrated by the AMI protocol. | |||||
CVE-2014-2375 | 1 Ecava | 1 Integraxor | 2024-02-28 | 9.0 HIGH | N/A |
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. | |||||
CVE-2014-0201 | 1 Redhat | 1 Rhevm-reports | 2024-02-28 | 2.1 LOW | N/A |
ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files. | |||||
CVE-2014-0520 | 4 Adobe, Apple, Linux and 1 more | 5 Adobe Air, Flash Player, Mac Os X and 2 more | 2024-02-28 | 7.5 HIGH | N/A |
Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0517, CVE-2014-0518, and CVE-2014-0519. | |||||
CVE-2014-7827 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-02-28 | 3.5 LOW | N/A |
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | |||||
CVE-2013-4200 | 1 Plone | 1 Plone | 2024-02-28 | 5.8 MEDIUM | N/A |
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login. | |||||
CVE-2014-3001 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 5.8 MEDIUM | N/A |
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process. | |||||
CVE-2014-0078 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2024-02-28 | 4.0 MEDIUM | N/A |
The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. | |||||
CVE-2014-5147 | 1 Xen | 1 Xen | 2024-02-28 | 4.3 MEDIUM | N/A |
Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process. | |||||
CVE-2014-5032 | 1 Glpi-project | 1 Glpi | 2024-02-28 | 5.0 MEDIUM | N/A |
GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. | |||||
CVE-2015-0981 | 1 Scadaengine | 1 Bacnet Opc Server | 2024-02-28 | 7.5 HIGH | N/A |
The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors. | |||||
CVE-2014-4157 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 4.6 MEDIUM | N/A |
arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem. | |||||
CVE-2011-4089 | 1 Bzip | 1 Bzip2 | 2024-02-28 | 4.6 MEDIUM | N/A |
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. | |||||
CVE-2012-6634 | 1 Wordpress | 1 Wordpress | 2024-02-28 | 6.4 MEDIUM | N/A |
wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value. | |||||
CVE-2014-6288 | 1 Alex Kellner | 1 Powermail | 2024-02-28 | 7.5 HIGH | N/A |
The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors. | |||||
CVE-2014-0050 | 2 Apache, Oracle | 3 Commons Fileupload, Tomcat, Retail Applications | 2024-02-28 | 7.5 HIGH | N/A |
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. | |||||
CVE-2014-8072 | 1 Openmrs | 1 Openmrs | 2024-02-28 | 4.0 MEDIUM | N/A |
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin. | |||||
CVE-2015-1661 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." |