Total
2456 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-7849 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Operations Network | 2025-04-12 | N/A |
| The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. | ||||
| CVE-2015-4106 | 6 Canonical, Citrix, Debian and 3 more | 8 Ubuntu Linux, Xenserver, Debian Linux and 5 more | 2025-04-12 | N/A |
| QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | ||||
| CVE-2014-3663 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors. | ||||
| CVE-2013-7330 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | ||||
| CVE-2014-8109 | 4 Apache, Canonical, Fedoraproject and 1 more | 4 Http Server, Ubuntu Linux, Fedora and 1 more | 2025-04-12 | N/A |
| mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different arguments within different contexts, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging multiple Require directives, as demonstrated by a configuration that specifies authorization for one group to access a certain directory, and authorization for a second group to access a second directory. | ||||
| CVE-2016-4178 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2025-04-12 | 4.3 Medium |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-4514 | 1 Moxa | 2 Pt-7728, Pt-7728 Firmware | 2025-04-12 | 7.7 High |
| Moxa PT-7728 devices with software 3.4 build 15081113 allow remote authenticated users to change the configuration via vectors involving a local proxy. | ||||
| CVE-2016-1237 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. | ||||
| CVE-2014-3520 | 2 Openstack, Redhat | 2 Keystone, Openstack | 2025-04-12 | N/A |
| OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust token request. | ||||
| CVE-2015-5189 | 2 Pacemaker\/corosync Configuration System Project, Redhat | 2 Pacemaker\/corosync Configuration System, Enterprise Linux | 2025-04-12 | N/A |
| Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. | ||||
| CVE-2024-35353 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | 9.8 Critical |
| A vulnerability has been discovered in DiƱo Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Users.php?f=save. Manipulating the argument id can result in improper authorization. | ||||
| CVE-2012-1342 | 1 Cisco | 1 Carrier Routing System | 2025-04-11 | 5.8 Medium |
| Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote attackers to bypass ACL entries via fragmented packets, aka Bug ID CSCtj10975. | ||||
| CVE-2013-4342 | 2 Redhat, Xinetd | 2 Enterprise Linux, Xinetd | 2025-04-11 | N/A |
| xinetd does not enforce the user and group configuration directives for TCPMUX services, which causes these services to be run as root and makes it easier for remote attackers to gain privileges by leveraging another vulnerability in a service. | ||||
| CVE-2013-6926 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2025-04-11 | N/A |
| The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account. | ||||
| CVE-2012-3516 | 2 Citrix, Xen | 2 Xenserver, Xen | 2025-04-11 | N/A |
| The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and possibly gain privileges via a crafted grant reference that triggers a write to an arbitrary hypervisor memory location. | ||||
| CVE-2012-0056 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-11 | N/A |
| The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. | ||||
| CVE-2011-4608 | 1 Redhat | 3 Jboss Enterprise Application Platform, Jboss Enterprise Web Platform, Jboss Enterprise Web Server | 2025-04-11 | N/A |
| mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints. | ||||
| CVE-2013-0889 | 5 Apple, Google, Linux and 2 more | 5 Mac Os X, Chrome, Linux Kernel and 2 more | 2025-04-11 | N/A |
| Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly enforce a user gesture requirement before proceeding with a file download, which might make it easier for remote attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2011-1207 | 1 Ibm | 1 Rational System Architect | 2025-04-11 | N/A |
| The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX controls, as distributed in ActBar.ocx 1.0.6.5 in IBM Rational System Architect 11.4.0.2, 11.4.0.1, and earlier, does not properly restrict the SetLayoutData method, which allows remote attackers to execute arbitrary code via a crafted Data argument, a different vulnerability than CVE-2007-3883. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2011-1123 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 9.0.597.107 does not properly restrict access to internal extension functions, which has unspecified impact and remote attack vectors. | ||||