Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4477 2 Openstack, Redhat 3 Grizzly, Havana, Openstack 2025-04-11 N/A
The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, when removing a role on a tenant for a user who does not have that role, adds the role to the user, which allows local users to gain privileges.
CVE-2013-6617 1 Saltstack 1 Salt 2025-04-11 N/A
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
CVE-2011-1127 1 Simplemachines 1 Smf 2025-04-11 N/A
SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, does not properly restrict guest access, which allows remote attackers to have an unspecified impact via unknown vectors.
CVE-2012-4442 1 Monkey-project 1 Monkey 2025-04-11 N/A
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictions by leveraging a race condition in a file-permission check.
CVE-2004-2769 1 Cerberusftp 1 Ftp Server 2025-04-11 N/A
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.
CVE-2010-2099 1 E107 1 E107 2025-04-11 N/A
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.
CVE-2013-5548 1 Cisco 1 Ios 2025-04-11 N/A
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795.
CVE-2012-2440 1 Tp-link 1 8840t 2025-04-11 N/A
The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors.
CVE-2014-0491 5 Adobe, Apple, Linux and 2 more 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more 2025-04-11 N/A
Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before 12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux, Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass unspecified protection mechanisms via unknown vectors.
CVE-2012-4934 1 Tomatocart 1 Tomatocart 2025-04-11 N/A
TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL.
CVE-2013-2069 1 Redhat 2 Enterprise Linux, Livecd-tools 2025-04-11 N/A
Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before 18.16, and 19.x before 19.3, when a rootpw directive is not set in a Kickstart file, sets the root user password to empty, which allows local users to gain privileges.
CVE-2012-6119 3 Candlepinproject, Redhat, Rhel Sam 3 Candlepin, Subscription Asset Manager, 1.2 2025-04-11 N/A
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
CVE-2009-3385 2 Mozilla, Redhat 2 Seamonkey, Enterprise Linux 2025-04-11 N/A
The mail component in Mozilla SeaMonkey before 1.1.19 does not properly restrict execution of scriptable plugin content, which allows user-assisted remote attackers to obtain sensitive information via crafted content in an IFRAME element in an HTML e-mail message, as demonstrated by a Flash object that sends arbitrary local files during a reply or forward operation.
CVE-2010-3194 1 Ibm 1 Db2 2025-04-11 N/A
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.
CVE-2009-5121 1 Websense 1 Websense Email Security 2025-04-11 N/A
Websense Email Security 7.1 before Hotfix 4 allows remote attackers to bypass the sender-based blacklist by using the 8BITMIME EHLO keyword in the SMTP session.
CVE-2009-5131 1 Websense 1 Websense Email Security 2025-04-11 N/A
The Receive Service in Websense Email Security before 7.1 does not recognize domain extensions in the blacklist, which allows remote attackers to bypass intended access restrictions and send e-mail messages via an SMTP session.
CVE-2010-0451 1 Hp 1 Hp-ux 2025-04-11 N/A
The installation process for NFS/ONCplus B.11.31_08 and earlier on HP HP-UX B.11.31 changes the NFS_SERVER setting in the nfsconf file, which might allow remote attackers to obtain filesystem access via NFS requests.
CVE-2010-0571 1 Cisco 1 Digital Media Manager 2025-04-11 N/A
Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x allows remote authenticated users to gain privileges via unknown vectors, and consequently execute arbitrary code via a crafted web application, aka Bug ID CSCtc46008.
CVE-2010-0729 1 Redhat 1 Enterprise Linux 2025-04-11 N/A
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach call.
CVE-2010-1347 2 Ibm, Linux 3 Aix, Director Agent, Linux Kernel 2025-04-11 N/A
Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and Linux uses incorrect permissions for the (1) diruninstall and (2) opt/ibm/director/bin/wcitinst scripts, which allows local users to gain privileges by executing these scripts.