Total: 5279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-0135 | 2 Intel, Lenovo | 9 Rapid Storage Technology Enterprise, Thinkstation P520, Thinkstation P520 Firmware and 6 more | 2023-03-03 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206 | |||||
CVE-2019-0128 | 1 Intel | 1 Chipset Device Software | 2023-03-03 | 4.6 MEDIUM | 7.8 HIGH |
Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access. | |||||
CVE-2019-0164 | 2 Intel, Lenovo | 9 Turbo Boost Max Technology 3.0, Thinkstation P410, Thinkstation P410 Firmware and 6 more | 2023-03-02 | 4.4 MEDIUM | 7.3 HIGH |
Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-34868 | 1 Yookassa | 1 Yukassa For Woocommerce | 2023-03-01 | N/A | 6.5 MEDIUM |
Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | |||||
CVE-2007-3278 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2023-02-24 | 6.9 MEDIUM | N/A |
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host parameter that proxies the connection from 127.0.0.1. | |||||
CVE-2016-3699 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Mrg, Linux | 2023-02-12 | 6.9 MEDIUM | 7.4 HIGH |
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. | |||||
CVE-2016-6299 | 2 Fedoraproject, Mock Project | 2 Fedora, Scm Plugin | 2023-02-12 | 9.3 HIGH | 7.8 HIGH |
The scm plug-in in mock might allow attackers to bypass the intended chroot protection mechanism and gain root privileges via a crafted spec file. | |||||
CVE-2016-1906 | 1 Kubernetes | 1 Kubernetes | 2023-02-12 | 10.0 HIGH | 9.8 CRITICAL |
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. | |||||
CVE-2013-6383 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 6.9 MEDIUM | N/A |
The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. | |||||
CVE-2013-6431 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 4.7 MEDIUM | N/A |
The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before 3.11.5 does not properly implement error-code encoding, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for an IPv6 SIOCADDRT ioctl call. | |||||
CVE-2013-6434 | 1 Redhat | 1 Enterprise Virtualization Manager | 2023-02-12 | 4.3 MEDIUM | N/A |
The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server. | |||||
CVE-2013-4470 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 6.9 MEDIUM | N/A |
The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. | |||||
CVE-2013-4342 | 2 Redhat, Xinetd | 2 Enterprise Linux, Xinetd | 2023-02-12 | 7.6 HIGH | N/A |
xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. | |||||
CVE-2013-4400 | 1 Redhat | 1 Libvirt | 2023-02-12 | 7.2 HIGH | N/A |
virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to overwrite arbitrary files and possibly gain privileges via unspecified environment variables or command-line arguments. | |||||
CVE-2013-4294 | 1 Openstack | 1 Keystone | 2023-02-12 | 5.0 MEDIUM | N/A |
The (1) memcache and (2) KVS token backends in OpenStack Identity (Keystone) Folsom 2012.2.x and Grizzly before 2013.1.4 do not properly compare the PKI token revocation list with PKI tokens, which allows remote attackers to bypass intended access restrictions via a revoked PKI token. | |||||
CVE-2013-4401 | 1 Redhat | 1 Libvirt | 2023-02-12 | 8.5 HIGH | N/A |
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information. | |||||
CVE-2013-4300 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 7.2 HIGH | N/A |
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing. | |||||
CVE-2013-4200 | 1 Plone | 1 Plone | 2023-02-12 | 5.8 MEDIUM | N/A |
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login. | |||||
CVE-2013-4260 | 1 Redhat | 1 Ansible | 2023-02-12 | 3.3 LOW | N/A |
lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when a playbook does not run due to an error, allows local users to overwrite arbitrary files via a symlink attack on a retry file with a predictable name in /var/tmp/ansible/. | |||||
CVE-2013-4278 | 1 Openstack | 1 Compute | 2023-02-12 | 3.5 LOW | N/A |
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for CVE-2013-2256. |