Search Results (9537 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-0910 1 Emc 1 Data Domain Os 2025-04-12 N/A
EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors.
CVE-2016-0912 1 Dell 1 Emc Data Domain Os 2025-04-12 N/A
EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation.
CVE-2016-0915 1 Emc 1 Authentication Manager Prime 2025-04-12 8.1 High
The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime Self-Service 3.0 and 3.1 before 3.1 1915.42871 allows remote authenticated users to cause a denial of service (PIN change for an arbitrary user) via a modified token serial number within a PIN change request, related to a "direct object reference vulnerability."
CVE-2014-8890 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraints and ServletSecurity annotations.
CVE-2014-8895 1 Ibm 1 Tririga Application Platform 2025-04-12 N/A
IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL.
CVE-2016-0921 1 Emc 1 Avamar Server 2025-04-12 N/A
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 use weak permissions for unspecified directories, which allows local users to obtain root access by replacing a script with a Trojan horse program.
CVE-2015-0605 1 Cisco 2 Asyncos, Email Security Appliance Firmware 2025-04-12 N/A
The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343.
CVE-2014-2209 1 Facebook 1 Hiphop Virtual Machine 2025-04-12 N/A
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.
CVE-2014-3006 1 Sitepark 1 Information Enterprise Server 2025-04-12 N/A
Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/.
CVE-2014-9632 1 Avg 2 Internet Security, Protection 2025-04-12 N/A
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.
CVE-2014-9633 1 Comodo 1 Backup 2025-04-12 N/A
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.
CVE-2016-9566 2 Nagios, Redhat 3 Nagios, Openstack, Storage 2025-04-12 N/A
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
CVE-2014-3559 1 Redhat 2 Enterprise Virtualization, Rhev Manager 2025-04-12 N/A
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.
CVE-2013-1191 1 Cisco 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more 2025-04-12 N/A
Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400.
CVE-2014-0905 1 Ibm 1 Infosphere Biginsights 2025-04-12 N/A
IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2013-4455 1 Katello 1 Katello Installer 2025-04-12 N/A
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by reading the file.
CVE-2013-4432 1 Mahara 1 Mahara 2025-04-12 N/A
Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to artefact/file/groupfiles.php.
CVE-2013-4498 2 Drupal, Florian Weber 2 Drupal, Spaces 2025-04-12 N/A
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes the content to be "orphaned" and allows remote authenticated users with the "access content" permission to obtain sensitive information via vectors involving a rebuild access for the site or content.
CVE-2015-0750 1 Cisco 1 Hosted Collaboration Solution 2025-04-12 N/A
The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786.
CVE-2014-0557 6 Adobe, Apple, Google and 3 more 8 Adobe Air, Adobe Air Sdk, Flash Player and 5 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.