Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7440 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2018-04-11 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Quality Manager (RQM) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Team Concert (RTC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1, 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Requirements Composer (RRC) 3.0.x before 3.0.1.6 iFix7 Interim Fix 1 and 4.0.x before 4.0.7 iFix10; Rational DOORS Next Generation (RDNG) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; Rational Engineering Lifecycle Manager (RELM) 4.0.3, 4.0.4, 4.0.5, 4.0.6, and 4.0.7 before iFix10, 5.0.x before 5.0.2 iFix1, and 6.0.x before 6.0.2; Rational Rhapsody Design Manager (Rhapsody DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4; and Rational Software Architect Design Manager (RSA DM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 iFix15, and 6.0.x before 6.0.1 iFix4 might allow local users to gain privileges via unspecified vectors. IBM X-Force ID: 108098. | |||||
| CVE-2014-7272 | 2 Fedoraproject, Sddm Project | 2 Fedora, Sddm | 2018-03-27 | 7.2 HIGH | 7.8 HIGH |
| Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users to gain root privileges because code running as root performs write operations within a user home directory, and this user may have created links in advance (exploitation requires the user to win a race condition in the ~/.Xauthority chown case, but not other cases). | |||||
| CVE-2014-10070 | 1 Zsh Project | 1 Zsh | 2018-03-20 | 4.6 MEDIUM | 7.8 HIGH |
| zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation contexts when the environment has not been properly sanitized, such as when zsh is invoked by sudo on systems where "env_reset" has been disabled. | |||||
| CVE-2015-7966 | 1 Gemalto | 1 Safenet Authentication Service Windows Logon Agent | 2018-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965. | |||||
| CVE-2015-7965 | 1 Gemalto | 1 Safenet Authentication Service Windows Logon Agent | 2018-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966. | |||||
| CVE-2015-7964 | 1 Gemalto | 1 Safenet Authentication Service For Nps Agent | 2018-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2015-7967 | 1 Gemalto | 1 Safenet Authentication Service For Citrix Web Interface Agent | 2018-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2015-7963 | 1 Gemalto | 1 Safenet Authentication Service For Ad Fs Agent | 2018-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2015-7598 | 1 Gemalto | 1 Safenet Authentication Service Tokenvalidator Proxy Agent | 2018-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2015-7597 | 1 Gemalto | 1 Safenet Authentication Service Iis Agent | 2018-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2015-7962 | 1 Gemalto | 1 Safenet Authentication Service For Outlook Web App Agent | 2018-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2015-7961 | 1 Gemalto | 1 Safenet Authentication Service Remote Web Workplace Agent | 2018-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2015-7596 | 1 Gemalto | 1 Safenet Authentication Service End User Software Tools For Windows | 2018-03-17 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2016-8742 | 2 Apache, Microsoft | 2 Couchdb, Windows | 2018-03-14 | 7.2 HIGH | 7.8 HIGH |
| The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1. | |||||
| CVE-2015-1416 | 1 Freebsd | 1 Freebsd | 2018-03-13 | 9.3 HIGH | 7.8 HIGH |
| Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file. | |||||
| CVE-2014-4976 | 1 Sonicwall | 1 Scrutinizer | 2018-03-12 | 5.5 MEDIUM | N/A |
| Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. | |||||
| CVE-2016-8528 | 1 Eucalyptus | 1 Eucalyptus | 2018-03-07 | 6.5 MEDIUM | 8.8 HIGH |
| A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found. | |||||
| CVE-2016-8533 | 1 Hp | 1 Matrix Operating Environment | 2018-03-02 | 6.5 MEDIUM | 8.8 HIGH |
| A remote priviledge escalation vulnerability in HPE Matrix Operating Environment version 7.6 was found. | |||||
| CVE-2016-8534 | 1 Hp | 1 Matrix Operating Environment | 2018-03-02 | 6.5 MEDIUM | 8.8 HIGH |
| A remote privilege elevation vulnerability in HPE Matrix Operating Environment version 7.6 was found. | |||||
| CVE-2014-9503 | 1 Open Atrium Project | 1 Open Atrium | 2018-02-27 | 5.5 MEDIUM | 6.5 MEDIUM |
| The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks. | |||||