Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1069 | 1 Ubuntu | 1 Metal As A Service | 2014-02-20 | 2.1 LOW | N/A |
| Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file. | |||||
| CVE-2013-4737 | 1 Qualcomm | 1 Quic Mobile Station Modem Kernel | 2014-02-18 | 9.3 HIGH | N/A |
| The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location. | |||||
| CVE-2013-6492 | 1 Ryan Ohara | 1 Piranha | 2014-02-18 | 5.8 MEDIUM | N/A |
| The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request. | |||||
| CVE-2013-6441 | 1 Linuxcontainers | 1 Lxc | 2014-02-18 | 7.2 HIGH | N/A |
| The lxc-sshd template (templates/lxc-sshd.in) in LXC before 1.0.0.beta2 uses read-write permissions when mounting /sbin/init, which allows local users to gain privileges by modifying the init file. | |||||
| CVE-2012-4466 | 1 Ruby-lang | 1 Ruby | 2014-02-11 | 5.0 MEDIUM | N/A |
| Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 before revision r37068 allows context-dependent attackers to bypass safe-level restrictions and modify untainted strings via the name_err_mesg_to_str API function, which marks the string as tainted, a different vulnerability than CVE-2011-1005. | |||||
| CVE-2012-0064 | 2 X, Xkeyboard Config Project | 2 X.org X11, Xkeyboard-config | 2014-02-11 | 4.6 MEDIUM | N/A |
| xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB debugging functions by default, which allows physically proximate attackers to bypass an X screen lock via keyboard combinations that break the input grab. | |||||
| CVE-2011-4099 | 1 Libcap | 1 Libcap | 2014-02-10 | 4.6 MEDIUM | N/A |
| The capsh program in libcap before 2.22 does not change the current working directory when the --chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors. | |||||
| CVE-2013-2239 | 1 Openvz | 1 Vzkernel | 2014-02-06 | 4.7 MEDIUM | N/A |
| vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certain length variables, which allows local users to obtain sensitive information from kernel stack memory via (1) a crafted ploop driver ioctl call, related to the ploop_getdevice_ioc function in drivers/block/ploop/dev.c, or (2) a crafted quotactl system call, related to the compat_quotactl function in fs/quota/quota.c. | |||||
| CVE-2013-0914 | 1 Linux | 1 Linux Kernel | 2014-02-06 | 3.6 LOW | N/A |
| The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. | |||||
| CVE-2013-7301 | 1 Craig Drummond | 1 Cantata | 2014-02-03 | 5.0 MEDIUM | N/A |
| Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue. | |||||
| CVE-2013-4331 | 1 Robert Ancell | 1 Lightdm | 2014-02-03 | 2.1 LOW | N/A |
| Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before 1.6.2, and 1.7.x before 1.7.14 uses 0664 permissions for the temporary .Xauthority file, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2013-1635 | 1 Php | 1 Php | 2014-01-27 | 7.5 HIGH | N/A |
| ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. | |||||
| CVE-2013-7247 | 1 Franklinfueling | 2 Ts-550 Evo, Ts-550 Evo Firmware | 2014-01-27 | 5.0 MEDIUM | N/A |
| cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password hashes) via the cmdWebGetConfiguration action in a TSA_REQUEST. | |||||
| CVE-2014-0615 | 1 Juniper | 1 Junos | 2014-01-24 | 7.2 HIGH | N/A |
| Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R5, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows local users to gain privileges via vectors related to "certain combinations of Junos OS CLI commands and arguments." | |||||
| CVE-2013-6448 | 1 Redhat | 1 Jboss Seam 2 Framework | 2014-01-23 | 5.0 MEDIUM | N/A |
| The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 framework 2.3.1 and earlier, as used in JBoss Web Framework Kit, allows remote attackers to bypass the WebRemote annotation restriction and obtain information about arbitrary classes and methods on the server classpath via unspecified vectors. | |||||
| CVE-2013-6412 | 1 Augeas | 1 Augeas | 2014-01-23 | 4.6 MEDIUM | N/A |
| The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors. | |||||
| CVE-2011-5270 | 1 Wordpress | 1 Wordpress | 2014-01-21 | 4.0 MEDIUM | N/A |
| wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contributor role. | |||||
| CVE-2010-5297 | 1 Wordpress | 1 Wordpress | 2014-01-21 | 2.1 LOW | N/A |
| WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances via an add action after a temporary change. | |||||
| CVE-2010-5296 | 1 Wordpress | 1 Wordpress | 2014-01-21 | 4.9 MEDIUM | N/A |
| wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action. | |||||
| CVE-2010-5293 | 1 Wordpress | 1 Wordpress | 2014-01-21 | 5.8 MEDIUM | N/A |
| wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match. | |||||