Search Results (9577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8148 2 Midgard-project, Opensuse 2 Midgard2, Opensuse 2025-04-12 N/A
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.
CVE-2013-3066 1 Linksys 2 Ea6500, Ea6500 Firmware 2025-04-12 N/A
Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/.
CVE-2015-5304 1 Redhat 1 Jboss Enterprise Application Platform 2025-04-12 N/A
Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.
CVE-2015-5342 1 Moodle 1 Moodle 2025-04-12 N/A
The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.
CVE-2014-8558 1 Jexperts 1 Channel Platform 2025-04-12 N/A
JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters.
CVE-2013-4500 1 Quiz Module Project 1 Quiz 2025-04-12 N/A
The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the delete option.
CVE-2013-4596 1 Danielkorte 1 Nodeaccesskeys 2025-04-12 N/A
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing.
CVE-2014-8655 1 Compal Broadband Networks 3 Cg6640e Wireless Gateway, Ch664oe Wireless Gateway, Firmware 2025-04-12 N/A
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml.
CVE-2015-5367 1 Hp 39 Elite X2 1010 G2, Elitebook 1040 G1, Elitebook 1040 G2 and 36 more 2025-04-12 N/A
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.
CVE-2014-8989 1 Linux 1 Linux Kernel 2025-04-12 N/A
The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c.
CVE-2014-9022 1 Web Component Roles Project 1 Web Component Roles 2025-04-12 N/A
The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a crafted form.
CVE-2015-5496 1 Pass2pdf Project 1 Pass2pdf 2025-04-12 N/A
The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors.
CVE-2013-6714 1 Ibm 1 Tivoli Storage Flashcopy Manager 2025-04-12 N/A
The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions.
CVE-2015-5536 1 Belkin 2 N300 Dual-band Wi-fi Range Extender, N300 Dual-band Wi-fi Range Extender Firmware 2025-04-12 N/A
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request.
CVE-2014-0817 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors.
CVE-2014-0875 1 Ibm 2 Storwize Unified V7000, Storwize Unified V7000 Software 2025-04-12 N/A
Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.
CVE-2016-2826 2 Microsoft, Mozilla 2 Windows, Firefox 2025-04-12 N/A
The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file.
CVE-2014-2956 1 Avg 2 Safeguard, Secure Search Toolbar 2025-04-12 N/A
ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access control for method calls, which allows remote attackers to trigger the downloading and execution of arbitrary programs via a crafted web site.
CVE-2016-2856 3 Canonical, Debian, Gnu 3 Ubuntu Linux, Debian Linux, Glibc 2025-04-12 N/A
pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
CVE-2014-3043 1 Ibm 2 Storwize Unified V7000, Storwize Unified V7000 Software 2025-04-12 N/A
IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows remote authenticated users to gain privileges by leveraging access to the service account.