Total
3292 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-4225 | 2 Redhat, Restful Web Services Project | 3 Satellite, Satellite Capsule, Restful Web Services | 2024-08-06 | 8.8 High |
| The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | ||||
| CVE-2013-3960 | 1 Easytimestudio | 1 Easy File Manager | 2024-08-06 | 9.9 Critical |
| Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass | ||||
| CVE-2013-2256 | 2 Openstack, Redhat | 2 Nova, Openstack | 2024-08-06 | N/A |
| OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to obtain sensitive information (flavor properties), boot arbitrary flavors, and possibly have other unspecified impacts by guessing the flavor id. | ||||
| CVE-2013-2133 | 1 Redhat | 5 Enterprise Linux, Jboss Bpms, Jboss Brms and 2 more | 2024-08-06 | N/A |
| The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. | ||||
| CVE-2013-2143 | 2 Redhat, Theforeman | 2 Network Satellite, Katello | 2024-08-06 | N/A |
| The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account. | ||||
| CVE-2024-24718 | 2024-08-06 | 4.3 Medium | ||
| Missing Authorization vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.6. | ||||
| CVE-2023-6696 | 1 Sygnoos | 1 Popup Builder | 2024-08-06 | 8.1 High |
| The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 4.3.1. While some functions contain a nonce check, the nonce can be obtained from the profile page of a logged-in user. This allows subscribers to perform several actions including deleting subscribers and perform blind Server-Side Request Forgery. | ||||
| CVE-2014-8595 | 3 Debian, Opensuse, Xen | 3 Debian Linux, Opensuse, Xen | 2024-08-06 | N/A |
| arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not properly check privileges, which allows local HVM guest users to gain privileges or cause a denial of service (crash) via a crafted (1) CALL, (2) JMP, (3) RETF, (4) LCALL, (5) LJMP, or (6) LRET far branch instruction. | ||||
| CVE-2014-8168 | 1 Redhat | 1 Satellite | 2024-08-06 | 7.8 High |
| Red Hat Satellite 6 allows local users to access mongod and delete pulp_database. | ||||
| CVE-2014-8175 | 1 Redhat | 2 Jboss Amq, Jboss Fuse | 2024-08-06 | N/A |
| Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file. | ||||
| CVE-2014-8105 | 2 Fedoraproject, Redhat | 3 389 Directory Server, Fedora, Enterprise Linux | 2024-08-06 | N/A |
| 389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does not properly restrict access to the "cn=changelog" LDAP sub-tree, which allows remote attackers to obtain sensitive information from the changelog via unspecified vectors. | ||||
| CVE-2014-7155 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Opensuse and 1 more | 2024-08-06 | N/A |
| The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 4.4.x and earlier does not properly check supervisor mode permissions, which allows local HVM users to cause a denial of service (guest crash) or gain guest kernel mode privileges via vectors involving an (1) HLT, (2) LGDT, (3) LIDT, or (4) LMSW instruction. | ||||
| CVE-2014-7156 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
| The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen 3.3.x through 4.4.x does not check the supervisor mode permissions for instructions that generate software interrupts, which allows local HVM guest users to cause a denial of service (guest crash) via unspecified vectors. | ||||
| CVE-2014-6414 | 3 Canonical, Openstack, Redhat | 3 Ubuntu Linux, Neutron, Openstack | 2024-08-06 | N/A |
| OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows remote authenticated users to set admin network attributes to default values via unspecified vectors. | ||||
| CVE-2014-3562 | 2 Fedoraproject, Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2024-08-06 | N/A |
| Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. | ||||
| CVE-2014-3521 | 1 Redhat | 2 Conga, Rhel Cluster | 2024-08-06 | N/A |
| The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL. | ||||
| CVE-2014-3506 | 2 Openssl, Redhat | 5 Openssl, Enterprise Linux, Jboss Enterprise Application Platform and 2 more | 2024-08-06 | N/A |
| d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafted DTLS handshake messages that trigger memory allocations corresponding to large length values. | ||||
| CVE-2014-0167 | 2 Openstack, Redhat | 3 Compute, Icehouse, Openstack | 2024-08-06 | N/A |
| The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests. | ||||
| CVE-2014-0078 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2024-08-06 | N/A |
| The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. | ||||
| CVE-2014-0005 | 1 Redhat | 6 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 3 more | 2024-08-06 | N/A |
| PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application. | ||||