Total: 5279 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3844 | 2 Tinymce, Wordpress | 2 Color Picker, Wordpress | 2014-06-27 | 5.0 MEDIUM | N/A |
The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-2514 | 1 Redhat | 2 Icedtea-web, Icedtea6 | 2014-06-25 | 6.8 MEDIUM | N/A |
The Java Network Launching Protocol (JNLP) implementation in IcedTea6 1.9.x before 1.9.9 and before 1.8.9, and IcedTea-Web 1.1.x before 1.1.1 and before 1.0.4, allows remote attackers to trick victims into granting access to local files by modifying the content of the Java Web Start Security Warning dialog box to represent a different filename than the file for which access will be granted. | |||||
CVE-2012-5560 | 1 Mate-desktop | 1 Mate-settings-daemon | 2014-06-24 | 2.1 LOW | N/A |
The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call. | |||||
CVE-2013-2563 | 1 Mambo-foundation | 1 Mambo Cms | 2014-06-24 | 2.1 LOW | N/A |
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. | |||||
CVE-2013-4597 | 1 Rik De Boer | 1 Revisioning | 2014-06-24 | 4.0 MEDIUM | N/A |
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
CVE-2013-1973 | 1 Autocomplete Widgets Project | 1 Autocomplete Widgets | 2014-06-24 | 4.0 MEDIUM | N/A |
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissions, which allows remote authenticated users to obtain sensitive field values via unspecified vectors. | |||||
CVE-2014-3790 | 1 Vmware | 1 Vcenter Server Appliance | 2014-06-20 | 9.0 HIGH | N/A |
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. | |||||
CVE-2013-1068 | 1 Canonical | 1 Ubuntu Linux | 2014-06-20 | 5.0 MEDIUM | N/A |
The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and OpenStack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability. | |||||
CVE-2014-2504 | 1 Emc | 1 Documentum D2 | 2014-06-17 | 9.0 HIGH | N/A |
EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method. | |||||
CVE-2014-2084 | 1 Skyboxsecurity | 2 Skybox View Appliance, Skybox View Appliance Iso | 2014-06-12 | 8.5 HIGH | N/A |
Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 do not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown. | |||||
CVE-2013-7065 | 1 Organic Groups Project | 1 Organic Groups | 2014-06-12 | 5.8 MEDIUM | N/A |
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field. | |||||
CVE-2014-3980 | 1 Daiki Ueno | 1 Libfep | 2014-06-12 | 4.6 MEDIUM | N/A |
libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2012-5390 | 1 Condor Project | 1 Condor | 2014-06-09 | 10.0 HIGH | N/A |
The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does not properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job. | |||||
CVE-2014-3837 | 1 Owncloud | 1 Owncloud | 2014-06-05 | 4.0 MEDIUM | N/A |
The document application in ownCloud Server before 6.0.3 uses sequential values for the file_id, which allows remote authenticated users to enumerate shared files via unspecified vectors. | |||||
CVE-2014-3838 | 1 Owncloud | 1 Owncloud | 2014-06-05 | 4.0 MEDIUM | N/A |
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly check permissions, which allows remote authenticated users to read the names of files of other users by leveraging access to multiple accounts. | |||||
CVE-2014-3963 | 1 Owncloud | 1 Owncloud | 2014-06-05 | 4.0 MEDIUM | N/A |
ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors. | |||||
CVE-2013-0304 | 1 Owncloud | 1 Owncloud | 2014-06-05 | 4.0 MEDIUM | N/A |
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is. | |||||
CVE-2014-3835 | 1 Owncloud | 1 Owncloud | 2014-06-05 | 5.5 MEDIUM | N/A |
ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vectors. | |||||
CVE-2014-3834 | 1 Owncloud | 1 Owncloud | 2014-06-04 | 7.5 HIGH | N/A |
ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspecified vectors. | |||||
CVE-2013-4596 | 1 Danielkorte | 1 Nodeaccesskeys | 2014-06-03 | 5.8 MEDIUM | N/A |
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing. |