Total
1781 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2238 | 1 Tryton | 1 Trytond | 2024-08-06 | 7.5 High |
| trytond 2.4: ModelView.button fails to validate authorization | ||||
| CVE-2012-0056 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2024-08-06 | N/A |
| The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. | ||||
| CVE-2013-7330 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
| Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | ||||
| CVE-2013-6926 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2024-08-06 | N/A |
| The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account. | ||||
| CVE-2013-4985 | 1 Vivotek | 6 Ip7160, Ip7160 Firmware, Ip7361 and 3 more | 2024-08-06 | 7.5 High |
| Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream | ||||
| CVE-2013-4862 | 1 Micasaverde | 2 Veralite, Veralite Firmware | 2024-08-06 | 8.1 High |
| MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page. | ||||
| CVE-2013-4410 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2024-08-06 | 7.5 High |
| ReviewBoard: has an access-control problem in REST API | ||||
| CVE-2013-4411 | 2 Fedoraproject, Reviewboard | 2 Fedora, Reviewboard | 2024-08-06 | 4.3 Medium |
| Review Board: URL processing gives unauthorized users access to review lists | ||||
| CVE-2013-4342 | 2 Redhat, Xinetd | 2 Enterprise Linux, Xinetd | 2024-08-06 | N/A |
| xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. | ||||
| CVE-2013-4228 | 1 Organic Groups Project | 1 Organic Groups | 2024-08-06 | 4.3 Medium |
| The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors. | ||||
| CVE-2013-2673 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2024-08-06 | 6.8 Medium |
| Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. | ||||
| CVE-2013-2574 | 1 Foscam | 2 Fi8620, Fi8620 Firmware | 2024-08-06 | 7.5 High |
| An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information. | ||||
| CVE-2013-2198 | 1 Login Security Project | 1 Login Security | 2024-08-06 | 9.8 Critical |
| The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal allows attackers to bypass intended restrictions via a crafted username. | ||||
| CVE-2013-1350 | 1 Veraxsystems | 1 Network Management System | 2024-08-06 | 9.1 Critical |
| Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities | ||||
| CVE-2013-0889 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2024-08-06 | N/A |
| Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2013-0543 | 4 Hp, Ibm, Linux and 1 more | 4 Hp-ux, Websphere Application Server, Linux Kernel and 1 more | 2024-08-06 | N/A |
| IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not properly validate user accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2014-8109 | 4 Apache, Canonical, Fedoraproject and 1 more | 4 Http Server, Ubuntu Linux, Fedora and 1 more | 2024-08-06 | N/A |
| mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. | ||||
| CVE-2014-7914 | 1 Google | 1 Android | 2024-08-06 | 8.1 High |
| btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag. | ||||
| CVE-2014-7849 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Operations Network | 2024-08-06 | N/A |
| The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. | ||||
| CVE-2014-7827 | 1 Redhat | 3 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform | 2024-08-06 | N/A |
| The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain. | ||||