Search Results (9574 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-2048 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands.
CVE-2014-0473 3 Canonical, Djangoproject, Redhat 3 Ubuntu Linux, Django, Openstack 2025-04-12 N/A
The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users.
CVE-2016-8867 2 Docker, Redhat 2 Docker, Rhel Extras Other 2025-04-12 7.5 High
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes.
CVE-2014-2541 1 Tibco 3 Messaging Appliance, Rendezvous, Substantiation Es 2025-04-12 N/A
The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors.
CVE-2015-6639 1 Google 1 Android 2025-04-12 N/A
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
CVE-2014-0592 2 Crowbar, Novell 2 Barclamp, Suse Cloud 2025-04-12 N/A
Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs.
CVE-2014-0093 1 Redhat 5 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 2 more 2025-04-12 N/A
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.
CVE-2013-7347 1 Redhat 2 Conga, Enterprise Linux 2025-04-12 N/A
Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie.
CVE-2015-2851 2 Apple, Synology 2 Mac Os X, Cloud Station 2025-04-12 N/A
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
CVE-2015-3673 1 Apple 1 Mac Os X 2025-04-12 N/A
Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory Utility.
CVE-2014-0899 1 Ibm 1 Aix 2025-04-12 N/A
ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands.
CVE-2013-6889 1 Gnu 1 Rush 2025-04-12 N/A
GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.
CVE-2014-1285 1 Apple 1 Iphone Os 2025-04-12 N/A
Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device.
CVE-2014-1281 1 Apple 1 Iphone Os 2025-04-12 N/A
Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the Photos app and looking under a transparent image.
CVE-2013-2182 1 Monkey-project 1 Monkey 2025-04-12 N/A
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.
CVE-2014-0127 1 Moodle 1 Moodle 2025-04-12 N/A
The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time.
CVE-2014-0122 1 Moodle 1 Moodle 2025-04-12 N/A
mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator.
CVE-2013-2047 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password.
CVE-2011-4089 1 Bzip 1 Bzip2 2025-04-12 N/A
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
CVE-2011-5289 1 Diego Uscanga 1 Atube Catcher 2025-04-12 N/A
The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument.