| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM. |
| The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site. |
| The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx 1.0.0.0 does not properly restrict the values of the WMIAttributesOfInterest property, which allows remote attackers to execute arbitrary WMI Query Language (WQL) statements via a crafted value, as demonstrated by a value that triggers disclosure of information about installed software. |
| Android before 2.3 does not properly restrict access to the system property space, which allows local applications to bypass the application sandbox and gain privileges, as demonstrated by psneuter and KillingInTheNameOf, related to the use of Android shared memory (ashmem) and ASHMEM_SET_PROT_MASK. |
| The System Only Wrapper (SOW) implementation in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 does not prevent use of the cloneNode method for cloning a protected node, which allows remote attackers to bypass the Same Origin Policy or possibly execute arbitrary JavaScript code with chrome privileges via a crafted web site. |
| Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653. |
| The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038. |
| PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication. |
| Opera before 11.62 on UNIX, when used in conjunction with an unspecified printing application, allows local users to overwrite arbitrary files via a symlink attack on a temporary file during printing. |
| SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDIT_PERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups. |
| The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c. |
| The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. |
| NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability." |
| The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 does not properly restrict the set of values contained in the object returned by the getComputedStyle method, which allows remote attackers to obtain sensitive information about visited web pages by calling this method. |
| chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef before 0.9.18, and 0.10.x before 0.10.2, does not require administrative privileges for the update and destroy methods, which allows remote authenticated users to (1) upload cookbooks via a knife cookbook upload command or (2) delete cookbooks via a knife cookbook delete command. |
| Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability." |
| Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. |
| Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. |
| The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site. |
| mod_auth_openid before 0.7 for Apache uses world-readable permissions for /tmp/mod_auth_openid.db, which allows local users to obtain session ids. |
