Search Results (5494 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1856 3 Canonical, Openstack, Redhat 5 Ubuntu Linux, Swift, Enterprise Linux and 2 more 2025-04-12 N/A
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.
CVE-2014-7180 1 Electric Cloud 1 Electriccommander 2025-04-12 N/A
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.
CVE-2015-0767 1 Cisco 2 Edge 340, Edge 340 Firmware 2025-04-12 N/A
Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132.
CVE-2014-7984 1 Joomla 1 Joomla\! 2025-04-12 N/A
Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote attackers to authenticate and bypass intended restrictions via vectors involving GMail authentication.
CVE-2014-7986 1 Espocrm 1 Espocrm 2025-04-12 N/A
install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter.
CVE-2014-7828 1 Freeipa 1 Freeipa 2025-04-12 N/A
FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, which triggers an anonymous bind.
CVE-2014-7832 1 Moodle 1 Moodle 2025-04-12 N/A
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by viewing an activity instance.
CVE-2014-7834 1 Moodle 1 Moodle 2025-04-12 N/A
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.
CVE-2014-7837 1 Moodle 1 Moodle 2025-04-12 N/A
mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.
CVE-2015-0773 1 Cisco 1 Firesight System Software 2025-04-12 N/A
Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.
CVE-2014-8612 1 Freebsd 1 Freebsd 2025-04-12 N/A
Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option.
CVE-2014-8734 1 Drupal 1 Organic Groups Menu 2025-04-12 N/A
The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors.
CVE-2014-8828 1 Apple 1 Mac Os X 2025-04-12 N/A
Sandbox in Apple OS X before 10.10 allows attackers to write to the sandbox-profile cache via a sandboxed app that includes a com.apple.sandbox segment in a path.
CVE-2014-8831 1 Apple 1 Mac Os X 2025-04-12 N/A
security_taskgate in Apple OS X before 10.10.2 allows attackers to read group-ACL-restricted keychain items of arbitrary apps via a crafted app with a signature from a (1) self-signed certificate or (2) Developer ID certificate.
CVE-2014-9249 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408.
CVE-2014-9304 1 Plex 1 Media Server 2025-04-12 N/A
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.
CVE-2014-9353 1 Netapp 1 Oncommand Balance 2025-04-12 N/A
NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.
CVE-2014-9357 2 Docker, Redhat 2 Docker, Rhel Extras Other 2025-04-12 N/A
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.
CVE-2014-9387 1 Sap 1 Businessobjects 2025-04-12 N/A
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
CVE-2014-9476 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to an allowed origin, as demonstrated by "http://en.wikipedia.org.evilsite.example/."