Search Results (9546 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6442 2 Redhat, Samba 2 Enterprise Linux, Samba 2025-04-12 N/A
The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change.
CVE-2015-4531 1 Emc 1 Documentum Content Server 2025-04-12 N/A
EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization for subgroups of privileged groups, which allows remote authenticated sysadmins to gain super-user privileges, and bypass intended restrictions on data access and server actions, via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4622.
CVE-2014-3642 1 Redhat 7 Cloudforms 3.0.1 Management Engine, Cloudforms 3.0.2 Management Engine, Cloudforms 3.0.3 Management Engine and 4 more 2025-04-12 N/A
vmdb/app/controllers/application_controller/performance.rb in Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to gain privileges via unspecified vectors, related to an "insecure send method."
CVE-2016-7188 1 Microsoft 1 Windows 10 2025-04-12 N/A
The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."
CVE-2014-3001 1 Freebsd 1 Freebsd 2025-04-12 N/A
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jailed device node process.
CVE-2013-6713 1 Ibm 1 Tivoli Storage Manager For Virtual Environments 2025-04-12 N/A
The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (disk consumption) via unspecified GUI actions.
CVE-2014-0508 5 Adobe, Apple, Linux and 2 more 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more 2025-04-12 N/A
Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
CVE-2014-3772 1 Teampass 1 Teampass 2025-04-12 N/A
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.
CVE-2014-3771 1 Teampass 1 Teampass 2025-04-12 N/A
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php.
CVE-2015-6413 1 Cisco 1 Telepresence Video Communication Server Software 2025-04-12 N/A
Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiting an administrative page, aka Bug ID CSCuw55651.
CVE-2014-1376 1 Apple 1 Mac Os X 2025-04-12 N/A
Intel Compute in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenCL API call, which allows attackers to execute arbitrary code via a crafted application.
CVE-2014-1378 1 Apple 1 Mac Os X 2025-04-12 N/A
IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.
CVE-2014-1373 1 Apple 1 Mac Os X 2025-04-12 N/A
Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.
CVE-2015-4231 1 Cisco 3 Nexus 7000, Nexus 7700, Nx-os 2025-04-12 N/A
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.
CVE-2014-2593 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-12 N/A
The management console in Aruba Networks ClearPass Policy Manager 6.3.0.60730 allows local users to execute arbitrary commands via shell metacharacters in certain arguments of a valid command, as demonstrated by the (1) system status-rasession and (2) network ping commands.
CVE-2015-8267 1 Dovestones 1 Ad Self Password Reset 2025-04-12 N/A
The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.
CVE-2015-3143 6 Apple, Canonical, Debian and 3 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2025-04-12 N/A
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
CVE-2014-1375 1 Apple 1 Mac Os X 2025-04-12 N/A
Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object.
CVE-2014-1380 1 Apple 1 Mac Os X 2025-04-12 N/A
The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input.
CVE-2014-3350 1 Cisco 1 Cloud Portal 2025-04-12 N/A
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not properly implement URL redirection, which allows remote authenticated users to obtain sensitive information via a crafted URL, aka Bug ID CSCuh84870.