Search
Total
5300 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-8831 | 1 Apple | 1 Mac Os X | 2017-09-08 | 5.0 MEDIUM | N/A |
| security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate. | |||||
| CVE-2014-8838 | 1 Apple | 1 Mac Os X | 2017-09-08 | 4.3 MEDIUM | N/A |
| The Security component in Apple OS X before 10.10.2 does not properly process cached information about app certificates, which allows attackers to bypass the Gatekeeper protection mechanism by leveraging access to a revoked Developer ID certificate for signing a crafted app. | |||||
| CVE-2015-1305 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows Xp | 2017-09-08 | 6.9 MEDIUM | N/A |
| McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. | |||||
| CVE-2014-8823 | 1 Apple | 1 Mac Os X | 2017-09-08 | 4.7 MEDIUM | N/A |
| The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument. | |||||
| CVE-2014-8895 | 1 Ibm | 1 Tririga Application Platform | 2017-09-08 | 4.3 MEDIUM | N/A |
| IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL. | |||||
| CVE-2014-8828 | 1 Apple | 1 Mac Os X | 2017-09-08 | 7.5 HIGH | N/A |
| Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path. | |||||
| CVE-2014-8988 | 1 Mantisbt | 1 Mantisbt | 2017-09-08 | 4.0 MEDIUM | N/A |
| MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download URL. | |||||
| CVE-2014-7288 | 1 Symantec | 2 Encryption Management Server, Pgp Universal Server | 2017-09-08 | 9.0 HIGH | N/A |
| Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action. | |||||
| CVE-2014-7882 | 1 Hp | 1 Sitescope | 2017-09-08 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2014-6177 | 1 Ibm | 1 Websphere Service Registry And Repository | 2017-09-08 | 4.0 MEDIUM | N/A |
| IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.3 does not perform access-control checks for depth-0 retrieve operations, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-8580 | 1 Citrix | 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware | 2017-09-08 | 4.9 MEDIUM | N/A |
| Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and 10.1-120.1316.e before 10.1-129.1105.e, when using unspecified configurations, allows remote authenticated users to access "network resources" of other users via unknown vectors. | |||||
| CVE-2015-1878 | 1 Thalesesecurity | 7 Nshield Connect 1500, Nshield Connect 1500\+, Nshield Connect 500 and 4 more | 2017-09-07 | 4.6 MEDIUM | 6.8 MEDIUM |
| Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel. | |||||
| CVE-2016-5237 | 1 Valvesoftware | 1 Steamos | 2017-09-07 | 1.9 LOW | 4.8 MEDIUM |
| Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file. | |||||
| CVE-2015-6639 | 1 Google | 1 Android | 2017-09-07 | 9.3 HIGH | 7.8 HIGH |
| The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | |||||
| CVE-2016-2959 | 1 Ibm | 1 Sametime | 2017-09-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804. | |||||
| CVE-2016-10277 | 1 Linux | 1 Linux Kernel | 2017-09-06 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490. | |||||
| CVE-2016-7661 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-09-03 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references. | |||||
| CVE-2016-1611 | 1 Novell | 1 Filr | 2017-09-03 | 7.2 HIGH | 7.8 HIGH |
| Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands. | |||||
| CVE-2016-9796 | 1 Alcatel-lucent | 1 Omnivista 8770 Network Management System | 2017-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server." | |||||
| CVE-2016-3989 | 1 Meinberg | 12 Ims-lantime M1000, Ims-lantime M3000, Ims-lantime M500 and 9 more | 2017-09-03 | 8.5 HIGH | 8.1 HIGH |
| The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account. | |||||
| CVE-2016-3861 | 1 Google | 1 Android | 2017-09-03 | 9.3 HIGH | 7.8 HIGH |
| LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543. | |||||
| CVE-2016-3053 | 1 Ibm | 1 Aix | 2017-09-03 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |||||
| CVE-2016-2431 | 1 Google | 4 Android, Nexus 5, Nexus 6 and 1 more | 2017-09-02 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809. | |||||
| CVE-2012-5897 | 1 Quest | 1 Intrust | 2017-09-02 | 9.3 HIGH | N/A |
| The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument. | |||||
| CVE-2015-6565 | 1 Openbsd | 1 Openssh | 2017-09-02 | 7.2 HIGH | N/A |
| sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. | |||||
| CVE-2014-8428 | 1 Barracuda | 1 Load Balancer | 2017-09-01 | 7.5 HIGH | 9.8 CRITICAL |
| Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. | |||||
| CVE-2013-7432 | 1 Mapsplugin | 1 Googlemaps | 2017-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism. | |||||
| CVE-2016-2206 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2017-09-01 | 3.3 LOW | 5.7 MEDIUM |
| The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file. | |||||
| CVE-2016-1416 | 1 Cisco | 1 Prime Collaboration Provisioning | 2017-09-01 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. | |||||
| CVE-2016-1456 | 1 Cisco | 1 Ios Xr | 2017-09-01 | 7.2 HIGH | 7.8 HIGH |
| The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721. | |||||
| CVE-2016-0263 | 1 Ibm | 2 General Parallel File System Storage Server, Spectrum Scale | 2017-09-01 | 7.2 HIGH | 7.0 HIGH |
| IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command. | |||||
| CVE-2016-4652 | 1 Apple | 1 Mac Os X | 2017-09-01 | 3.3 LOW | 6.3 MEDIUM |
| CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. | |||||
| CVE-2016-4633 | 1 Apple | 1 Mac Os X | 2017-09-01 | 6.9 MEDIUM | 7.8 HIGH |
| Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-4638 | 1 Apple | 1 Mac Os X | 2017-09-01 | 9.3 HIGH | 7.8 HIGH |
| Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." | |||||
| CVE-2015-1324 | 1 Canonical | 1 Ubuntu Linux | 2017-08-30 | 7.2 HIGH | 7.8 HIGH |
| Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | |||||
| CVE-2015-3617 | 1 Fortinet | 1 Fortimanager Firmware | 2017-08-29 | 4.6 MEDIUM | 7.8 HIGH |
| Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. | |||||
| CVE-2014-4451 | 1 Apple | 1 Iphone Os | 2017-08-29 | 7.2 HIGH | N/A |
| Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses. | |||||
| CVE-2014-4621 | 1 Emc | 1 Documentum Content Server | 2017-08-29 | 8.5 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | |||||
| CVE-2014-4437 | 1 Apple | 1 Mac Os X | 2017-08-29 | 6.8 MEDIUM | N/A |
| LaunchServices in Apple OS X before 10.10 allows attackers to bypass intended sandbox restrictions via an application that specifies a crafted handler for the Content-Type field of an object. | |||||
| CVE-2014-5015 | 2 Eterna, Netbsd | 2 Bozohttpd, Netbsd | 2017-08-29 | 5.0 MEDIUM | N/A |
| bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path. | |||||
| CVE-2014-4446 | 1 Apple | 1 Os X Server | 2017-08-29 | 2.1 LOW | N/A |
| Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator. | |||||
| CVE-2014-4844 | 1 Ibm | 1 Business Process Manager | 2017-08-29 | 6.5 MEDIUM | N/A |
| The import/export functionality in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5 allows remote authenticated users to bypass intended access restrictions via a project action for a (1) process application or (2) toolkit. | |||||
| CVE-2014-4441 | 1 Apple | 1 Mac Os X | 2017-08-29 | 6.8 MEDIUM | N/A |
| NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. | |||||
| CVE-2014-4423 | 1 Apple | 1 Iphone Os | 2017-08-29 | 4.3 MEDIUM | N/A |
| The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | |||||
| CVE-2014-5174 | 1 Sap | 1 Netweaver Business Warehouse | 2017-08-29 | 3.5 LOW | N/A |
| The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4457 | 1 Apple | 1 Iphone Os | 2017-08-29 | 7.5 HIGH | N/A |
| The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not properly implement the debugserver sandbox, which allows attackers to bypass intended binary-execution restrictions via a crafted application that is run during a time period when debugging is not enabled. | |||||
| CVE-2014-4802 | 1 Ibm | 1 Business Process Manager | 2017-08-29 | 4.0 MEDIUM | N/A |
| The Saved Search Admin component in the Process Admin Console in IBM Business Process Manager (BPM) 8.0 through 8.5.5 does not properly restrict task and instance listings in result sets, which allows remote authenticated users to bypass authorization checks and obtain sensitive information by executing a saved search. | |||||
| CVE-2014-4810 | 1 Ibm | 1 Cognos Mobile | 2017-08-29 | 4.3 MEDIUM | N/A |
| IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff. | |||||
| CVE-2014-4793 | 1 Ibm | 1 Websphere Mq | 2017-08-29 | 6.5 MEDIUM | N/A |
| IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH rules for blocking client connections in certain circumstances related to the CONNAUTH attribute, which allows remote authenticated users to bypass intended queue-manager access restrictions via unspecified vectors. | |||||
| CVE-2014-4817 | 1 Ibm | 1 Tivoli Storage Manager | 2017-08-29 | 2.1 LOW | N/A |
| The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename. | |||||