Total
1781 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3663 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-06 | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. | ||||
| CVE-2014-3520 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2024-08-06 | N/A |
| OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request. | ||||
| CVE-2014-0169 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-08-06 | 6.5 Medium |
| In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application. | ||||
| CVE-2015-10033 | 1 Merlinsboard Project | 1 Merlinsboard | 2024-08-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The identifier of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability. | ||||
| CVE-2015-8325 | 4 Canonical, Debian, Openbsd and 1 more | 6 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 3 more | 2024-08-06 | N/A |
| The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. | ||||
| CVE-2015-5189 | 2 Pacemaker\/corosync Configuration System Project, Redhat | 2 Pacemaker\/corosync Configuration System, Enterprise Linux | 2024-08-06 | N/A |
| Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. | ||||
| CVE-2015-4106 | 6 Canonical, Citrix, Debian and 3 more | 8 Ubuntu Linux, Xenserver, Debian Linux and 5 more | 2024-08-06 | N/A |
| QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | ||||
| CVE-2015-1867 | 2 Clusterlabs, Redhat | 4 Pacemaker, Enterprise Linux, Enterprise Linux High Availability and 1 more | 2024-08-06 | N/A |
| Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. | ||||
| CVE-2015-1854 | 3 Debian, Fedoraproject, Redhat | 4 Debian Linux, 389 Directory Server, Fedora and 1 more | 2024-08-06 | N/A |
| 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | ||||
| CVE-2015-1780 | 1 Redhat | 2 Ovirt-engine, Virtualization | 2024-08-06 | 6.5 Medium |
| oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | ||||
| CVE-2016-20001 | 1 Rest\/json Project | 1 Rest\/json | 2024-08-06 | 9.8 Critical |
| The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2016-20002 | 1 Rest\/json Project | 1 Rest\/json | 2024-08-06 | 9.8 Critical |
| The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2016-20005 | 1 Rest\/json Project | 1 Rest\/json | 2024-08-06 | 9.8 Critical |
| The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2016-20004 | 1 Rest\/json Project | 1 Rest\/json | 2024-08-06 | 9.8 Critical |
| The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. | ||||
| CVE-2016-10996 | 1 Optinmonster | 1 Optinmonster | 2024-08-06 | 5.3 Medium |
| The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak. | ||||
| CVE-2016-6591 | 1 Symantec | 1 Norton App Lock | 2024-08-06 | 7.1 High |
| A security bypass vulnerability exists in Symantec Norton App Lock 1.0.3.186 and earlier if application pinning is enabled, which could let a local malicious user bypass security restrictions. | ||||
| CVE-2016-6353 | 1 Cloudera | 1 Cdh | 2024-08-06 | 6.5 Medium |
| Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler. | ||||
| CVE-2016-4572 | 1 Cloudera | 1 Cdh | 2024-08-06 | 8.8 High |
| In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges. | ||||
| CVE-2016-4514 | 1 Moxa | 2 Pt-7728, Pt-7728 Firmware | 2024-08-06 | 7.7 High |
| Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. | ||||
| CVE-2016-4178 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2024-08-06 | 4.3 Medium |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | ||||