| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file. |
| LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. |
| The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL. |
| SUSE Lifecycle Management Server before 1.1 uses world readable postgres credentials, which allows local users to obtain sensitive information via unspecified vectors. |
| /sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument. |
| A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file. |
| ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is. |
| Microsoft Internet Explorer 8 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability." |
| Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078. |
| The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371. |
| Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492. |
| Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. |
| A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. |
| EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account. |
| The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files. |
| The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call. |
| The User Attribute implementation in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.2, and 8.5.x through 8.5.0.1 does not verify authorization for read or write access to attribute values, which allows remote authenticated users to obtain sensitive information, configure e-mail notifications, or modify task assignments via REST API calls. |
| IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request. |
| SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. |
| I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. |