Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-264
Total 5279 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0543 1 Fuse 1 Fuse 2023-02-12 3.3 LOW N/A
Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack.
CVE-2011-0706 2 Redhat, Sun 2 Icedtea-web, Jdk 2023-02-12 7.5 HIGH N/A
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor."
CVE-2011-0006 1 Linux 1 Linux Kernel 2023-02-12 1.9 LOW N/A
The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c in the Linux kernel before 2.6.37, when the Linux Security Modules (LSM) framework is disabled, allows local users to bypass Integrity Measurement Architecture (IMA) rules in opportunistic circumstances by leveraging an administrator's addition of an IMA rule for LSM.
CVE-2009-3722 1 Linux 1 Linux Kernel 2023-02-12 7.1 HIGH N/A
The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application.
CVE-2009-0024 1 Linux 1 Linux Kernel 2023-02-12 7.2 HIGH N/A
The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munmap functions.
CVE-2015-8660 1 Linux 1 Linux Kernel 2023-02-12 7.2 HIGH 6.7 MEDIUM
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
CVE-2015-5329 1 Redhat 1 Openstack 2023-02-12 7.5 HIGH 7.3 HIGH
The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for remote attackers to obtain access to services in deployed overclouds by leveraging knowledge of the default credentials.
CVE-2015-5222 1 Redhat 1 Openshift 2023-02-12 8.5 HIGH N/A
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.
CVE-2015-5251 1 Openstack 1 Image Registry And Delivery Service \(glance\) 2023-02-12 5.5 MEDIUM N/A
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.
CVE-2015-5233 2 Redhat, Theforeman 2 Satellite, Foreman 2023-02-12 6.0 MEDIUM 4.2 MEDIUM
Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary hosts or (2) remote authenticated users with the destroy_reports permission to delete reports from arbitrary hosts via direct access to the (a) individual report show/delete pages or (b) APIs.
CVE-2015-3229 1 Fedoraproject 2 Atomic, Spin-kickstarts 2023-02-12 4.3 MEDIUM 5.9 MEDIUM
fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates.
CVE-2015-3235 1 Theforeman 1 Foreman 2023-02-12 6.0 MEDIUM N/A
Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors.
CVE-2015-1795 1 Redhat 2 Enterprise Linux, Gluster Storage 2023-02-12 7.2 HIGH 7.8 HIGH
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
CVE-2014-8169 3 Automount Project, Opensuse, Redhat 6 Automount, Opensuse, Enterprise Linux Desktop and 3 more 2023-02-12 4.4 MEDIUM N/A
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
CVE-2014-8136 4 Canonical, Mageia, Opensuse and 1 more 8 Ubuntu Linux, Mageia, Opensuse and 5 more 2023-02-12 2.1 LOW N/A
The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors.
CVE-2014-8159 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2023-02-12 6.9 MEDIUM N/A
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
CVE-2014-8133 1 Linux 1 Linux Kernel 2023-02-12 2.1 LOW N/A
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.
CVE-2014-7822 1 Linux 1 Linux Kernel 2023-02-12 7.2 HIGH N/A
The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.
CVE-2014-7851 2 Ovirt, Redhat 2 Ovirt, Ovirt-engine 2023-02-12 6.0 MEDIUM 7.5 HIGH
oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user.
CVE-2014-3665 1 Jenkins 1 Jenkins 2023-02-12 6.8 MEDIUM N/A
Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.