Total
5210 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-6108 | 1 Hp | 1 Linux Imaging And Printing Project | 2014-02-21 | 2.1 LOW | N/A |
| HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operations. | |||||
| CVE-2013-4661 | 1 Civicrm | 1 Civicrm | 2014-02-21 | 4.9 MEDIUM | N/A |
| CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intended access restrictions, as demonstrated by accessing custom contribution data without having the "access CiviContribute" permission. | |||||
| CVE-2014-1476 | 1 Drupal | 1 Drupal | 2014-02-21 | 4.0 MEDIUM | N/A |
| The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to obtain sensitive information via a listing page. | |||||
| CVE-2013-7135 | 1 Detlef Pilzecker | 1 Proc\ | 2014-02-21 | 7.2 HIGH | N/A |
| The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file. | |||||
| CVE-2012-3174 | 1 Oracle | 2 Jdk, Jre | 2014-02-21 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an issue involving recursive use of the Reflection API, but that issue is already covered as part of CVE-2013-0422. This identifier is for a different vulnerability whose details are not public as of 20130114. | |||||
| CVE-2010-2441 | 1 Apple | 1 Webkit | 2014-02-21 | 4.3 MEDIUM | N/A |
| WebKit does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets," a different vulnerability than CVE-2010-1126, CVE-2010-1422, and CVE-2010-2295. | |||||
| CVE-2013-1069 | 1 Ubuntu | 1 Metal As A Service | 2014-02-21 | 2.1 LOW | N/A |
| Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file. | |||||
| CVE-2013-4737 | 1 Qualcomm | 1 Quic Mobile Station Modem Kernel | 2014-02-18 | 9.3 HIGH | N/A |
| The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location. | |||||
| CVE-2013-6492 | 1 Ryan Ohara | 1 Piranha | 2014-02-18 | 5.8 MEDIUM | N/A |
| The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request. | |||||
| CVE-2013-6441 | 1 Linuxcontainers | 1 Lxc | 2014-02-18 | 7.2 HIGH | N/A |
| The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file. | |||||
| CVE-2012-4466 | 1 Ruby-lang | 1 Ruby | 2014-02-12 | 5.0 MEDIUM | N/A |
| Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005. | |||||
| CVE-2012-0064 | 2 X, Xkeyboard Config Project | 2 X.org X11, Xkeyboard-config | 2014-02-11 | 4.6 MEDIUM | N/A |
| xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab. | |||||
| CVE-2011-4099 | 1 Libcap | 1 Libcap | 2014-02-10 | 4.6 MEDIUM | N/A |
| The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. | |||||
| CVE-2013-2239 | 1 Openvz | 1 Vzkernel | 2014-02-07 | 4.7 MEDIUM | N/A |
| vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via (1) a crafted ploop driver ioctl call, related to the ploop_getdevice_ioc function in drivers/block/ploop/dev.c, or (2) a crafted quotactl system call, related to the compat_quotactl function in fs/quota/quota.c. | |||||
| CVE-2013-7301 | 1 Craig Drummond | 1 Cantata | 2014-02-03 | 5.0 MEDIUM | N/A |
| Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue. | |||||
| CVE-2013-4331 | 1 Robert Ancell | 1 Lightdm | 2014-02-03 | 2.1 LOW | N/A |
| Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2013-7247 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2014-01-27 | 5.0 MEDIUM | N/A |
| cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. | |||||
| CVE-2014-0615 | 1 Juniper | 1 Junos | 2014-01-24 | 7.2 HIGH | N/A |
| Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments." | |||||
| CVE-2013-6448 | 1 Redhat | 1 Jboss Seam 2 Framework | 2014-01-23 | 5.0 MEDIUM | N/A |
| The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors. | |||||
| CVE-2013-6412 | 1 Augeas | 1 Augeas | 2014-01-23 | 4.6 MEDIUM | N/A |
| The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors. | |||||