Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7766 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | N/A |
| PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO." | ||||
| CVE-2015-2694 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2025-04-12 | N/A |
| The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. | ||||
| CVE-2015-7835 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | ||||
| CVE-2014-4076 | 1 Microsoft | 1 Windows Server 2003 | 2025-04-12 | N/A |
| Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability." | ||||
| CVE-2015-7685 | 1 Glpi-project | 1 Glpi | 2025-04-12 | N/A |
| GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. | ||||
| CVE-2014-1996 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call. | ||||
| CVE-2013-6442 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2025-04-12 | N/A |
| The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change. | ||||
| CVE-2014-2102 | 1 Cisco | 1 Unified Contact Center Express Editor Software | 2025-04-12 | N/A |
| Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575. | ||||
| CVE-2015-7717 | 1 Google | 1 Android | 2025-04-12 | N/A |
| mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596. | ||||
| CVE-2013-6666 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header. | ||||
| CVE-2015-7840 | 1 Solarwinds | 1 Log And Event Manager | 2025-04-12 | N/A |
| The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature. | ||||
| CVE-2013-6713 | 1 Ibm | 1 Tivoli Storage Manager For Virtual Environments | 2025-04-12 | N/A |
| The Data Protection for VMware component in IBM Tivoli Storage Manager for Virtual Environments (TSMVE) 6.3 through 7.1.0.2 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (disk consumption) via unspecified GUI actions. | ||||
| CVE-2013-6714 | 1 Ibm | 1 Tivoli Storage Flashcopy Manager | 2025-04-12 | N/A |
| The FlashCopy Manager for VMware component in IBM Tivoli Storage FlashCopy Manager 3.1 through 4.1.0.1 does not properly check authorization for backup and restore operations, which allows local users to obtain sensitive VM data or cause a denial of service (data overwrite or disk consumption) via unspecified GUI actions. | ||||
| CVE-2015-7455 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | N/A |
| IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifications via the authoring UI. | ||||
| CVE-2014-1959 | 1 Gnu | 1 Gnutls | 2025-04-12 | N/A |
| lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates. | ||||
| CVE-2013-6731 | 1 Ibm | 1 Netezza Performance Portal | 2025-04-12 | N/A |
| IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request. | ||||
| CVE-2015-1704 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1703. | ||||
| CVE-2015-1893 | 1 Ibm | 1 Websphere Datapower Xc10 Appliance Firmware | 2025-04-12 | N/A |
| The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the sessions of arbitrary users, and consequently obtain sensitive information or modify data, via unspecified vectors. | ||||
| CVE-2015-1688 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2015-7468 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-12 | N/A |
| Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors. | ||||