Search Results (5494 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0721 1 Cisco 56 Nexus 1000v For Microsoft Hyper-v, Nexus 1000v For Vmware Vsphere, Nexus 3016 and 53 more 2025-04-12 N/A
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492.
CVE-2014-5356 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Image Registry And Delivery Service \(glance\), Openstack 2025-04-12 N/A
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configuration option, which allows remote authenticated users to cause a denial of service (disk consumption) by uploading a large image.
CVE-2014-7189 1 Golang 1 Go 2025-04-12 N/A
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.
CVE-2014-7872 1 Comodo 1 Geekbuddy 2025-04-12 N/A
Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.
CVE-2015-0761 1 Cisco 1 Anyconnect Secure Mobility Client 2025-04-12 N/A
Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790.
CVE-2014-6141 1 Ibm 1 Tivoli Monitoring 2025-04-12 N/A
IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands.
CVE-2014-6257 1 Zenoss 1 Zenoss Core 2025-04-12 N/A
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407.
CVE-2014-6276 2 Debian, Roundup-tracker 2 Debian Linux, Roundup 2025-04-12 N/A
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
CVE-2014-6288 1 Alex Kellner 1 Powermail 2025-04-12 N/A
The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors.
CVE-2014-6331 1 Microsoft 3 Active Directory Federation Services, Windows 2008, Windows Server 2012 2025-04-12 N/A
Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."
CVE-2015-1856 3 Canonical, Openstack, Redhat 5 Ubuntu Linux, Swift, Enterprise Linux and 2 more 2025-04-12 N/A
OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.
CVE-2014-7180 1 Electric Cloud 1 Electriccommander 2025-04-12 N/A
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.
CVE-2015-0767 1 Cisco 2 Edge 340, Edge 340 Firmware 2025-04-12 N/A
Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132.
CVE-2014-7999 1 Cisco 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more 2025-04-12 N/A
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565.
CVE-2014-8000 1 Cisco 1 Unified Communications Manager Im And Presence Service 2025-04-12 N/A
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.
CVE-2014-8072 1 Openmrs 1 Openmrs 2025-04-12 N/A
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
CVE-2014-8114 1 Redhat 3 Jboss Bpms, Jboss Brms, Uberfire 2025-04-12 N/A
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet.
CVE-2014-8133 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-12 N/A
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.
CVE-2014-8143 1 Samba 1 Samba 2025-04-12 N/A
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.
CVE-2014-8175 1 Redhat 2 Jboss Amq, Jboss Fuse 2025-04-12 N/A
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.