Total
2227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5072 | 1 Bmc | 1 Remedy Ar System Server | 2024-11-21 | 6.5 Medium |
| The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. | ||||
| CVE-2015-5071 | 1 Bmc | 1 Remedy Ar System Server | 2024-11-21 | 6.5 Medium |
| AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. | ||||
| CVE-2015-4719 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 9.8 Critical |
| The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request. | ||||
| CVE-2015-3613 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 9.8 Critical |
| A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page | ||||
| CVE-2015-2909 | 1 Netvu | 40 Ds2 \(dvtr\), Ds2 \(dvtr\) Firmware, Ds2 \(dvtu\) and 37 more | 2024-11-21 | 9.8 Critical |
| Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords." | ||||
| CVE-2015-0949 | 2 Dell, Hp | 4 Latitude E6430, Latitude E6430 Firmware, Elitebook 850 G1 and 1 more | 2024-11-21 | 7.8 High |
| The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory. | ||||
| CVE-2014-6448 | 1 Juniper | 1 Junos | 2024-11-21 | 7.8 High |
| Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. | ||||
| CVE-2014-4170 | 1 Freereprintables | 1 Articlefr | 2024-11-21 | 9.8 Critical |
| A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. | ||||
| CVE-2013-6773 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2024-11-21 | 7.8 High |
| Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges | ||||
| CVE-2013-6295 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 9.8 Critical |
| PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module | ||||
| CVE-2013-6231 | 1 Eng | 1 Spagobi | 2024-11-21 | 8.8 High |
| SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script | ||||
| CVE-2013-5027 | 1 O-dyn | 1 Collabtive | 2024-11-21 | 9.8 Critical |
| Collabtive 1.0 has incorrect access control | ||||
| CVE-2013-4975 | 1 Hikvision | 2 Ds-2cd7153-e, Ds-2cd7153-e Firmware | 2024-11-21 | 8.8 High |
| Hikvision DS-2CD7153-E IP Camera has Privilege Escalation | ||||
| CVE-2013-4867 | 1 Ea | 2 Karotz Smart Rabbit, Karotz Smart Rabbit Firmware | 2024-11-21 | 6.3 Medium |
| Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking | ||||
| CVE-2013-4583 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2024-11-21 | 8.8 High |
| The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories. | ||||
| CVE-2013-4536 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2024-11-21 | 7.8 High |
| An user able to alter the savevm data (either on the disk or over the wire during migration) could use this flaw to to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. | ||||
| CVE-2013-4251 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| The scipy.weave component in SciPy before 0.12.1 creates insecure temporary directories. | ||||
| CVE-2013-4161 | 2 Fedoraproject, Gksu-polkit Project | 2 Fedora, Gksu-polkit | 2024-11-21 | 7.8 High |
| gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue. | ||||
| CVE-2013-3323 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2024-11-21 | 9.8 Critical |
| A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access. | ||||
| CVE-2013-2625 | 3 Debian, Opensuse, Otrs | 5 Debian Linux, Opensuse, Faq and 2 more | 2024-11-21 | 6.5 Medium |
| An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not verified | ||||