Total
150 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10734 | 1 Projectsend | 1 Projectsend | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php. | |||||
CVE-2016-7071 | 1 Redhat | 2 Cloudforms, Cloudforms Management Engine | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. | |||||
CVE-2014-6049 | 1 Phpmyfaq | 1 Phpmyfaq | 2023-12-10 | 5.5 MEDIUM | 2.7 LOW |
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. | |||||
CVE-2015-7463 | 1 Ibm | 1 Business Process Manager | 2023-12-10 | 5.5 MEDIUM | 4.3 MEDIUM |
IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393. | |||||
CVE-2013-7245 | 1 Sybase | 1 Adaptive Server Enterprise | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859. | |||||
CVE-2016-9575 | 1 Freeipa | 1 Freeipa | 2023-12-10 | 6.5 MEDIUM | 6.3 MEDIUM |
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's permissions while modifying certificate profiles in IdM's certprofile-mod command. An authenticated, unprivileged attacker could use this flaw to modify profiles to issue certificates with arbitrary naming or key usage information and subsequently use such certificates for other attacks. | |||||
CVE-2016-1000219 | 1 Elastic | 1 Kibana | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. This information could be used to hijack sessions of other users when using Kibana behind some form of authentication such as Shield. | |||||
CVE-2014-9945 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | |||||
CVE-2014-9950 | 1 Google | 1 Android | 2023-12-10 | 9.3 HIGH | 7.8 HIGH |
In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | |||||
CVE-2015-3656 | 1 Arubanetworks | 1 Clearpass | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks. | |||||
CVE-2016-9464 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on removing shares. The Sharing Backend as implemented in Nextcloud does differentiate between shares to users and groups. In case of a received group share, users should be able to unshare the file to themselves but not to the whole group. The previous API implementation simply unshared the file to all users in the group. | |||||
CVE-2016-9938 | 1 Digium | 2 Asterisk, Certified Asterisk | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14.x before 14.2.1 and Certified Asterisk 11.x before 11.6-cert16 and 13.x before 13.8-cert4. The chan_sip channel driver has a liberal definition for whitespace when attempting to strip the content between a SIP header name and a colon character. Rather than following RFC 3261 and stripping only spaces and horizontal tabs, Asterisk treats any non-printable ASCII character as if it were whitespace. This means that headers such as Contact\x01: will be seen as a valid Contact header. This mostly does not pose a problem until Asterisk is placed in tandem with an authenticating SIP proxy. In such a case, a crafty combination of valid and invalid To headers can cause a proxy to allow an INVITE request into Asterisk without authentication since it believes the request is an in-dialog request. However, because of the bug described above, the request will look like an out-of-dialog request to Asterisk. Asterisk will then process the request as a new call. The result is that Asterisk can process calls from unvetted sources without any authentication. If you do not use a proxy for authentication, then this issue does not affect you. If your proxy is dialog-aware (meaning that the proxy keeps track of what dialogs are currently valid), then this issue does not affect you. If you use chan_pjsip instead of chan_sip, then this issue does not affect you. | |||||
CVE-2016-5063 | 1 Bmc | 1 Server Automation | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows might allow remote attackers to bypass authorization checks and make an RPC call via unspecified vectors. | |||||
CVE-2016-9217 | 1 Cisco | 1 Intercloud Fabric | 2023-12-10 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers could allow an unauthenticated, remote attacker to connect to the database used by these products. More Information: CSCus99394. Known Affected Releases: 7.3(0)ZN(0.99). | |||||
CVE-2016-8443 | 1 Linux | 1 Linux Kernel | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to subsystem page tables. Product: Android. Versions: Kernel 3.18. Android ID: A-32576499. References: QC-CR#964185. | |||||
CVE-2016-5788 | 1 Ge | 4 Bently Nevada 3500\/22m Serial, Bently Nevada 3500\/22m Serial Firmware, Bently Nevada 3500\/22m Usb and 1 more | 2023-12-10 | 10.0 HIGH | 10.0 CRITICAL |
General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via unspecified vectors. | |||||
CVE-2016-8776 | 1 Huawei | 4 P9, P9 Firmware, P9 Lite and 1 more | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones with software VNS-L21C185 allow attackers to bypass the factory reset protection (FRP) to enter some functional modules without authorization and perform operations to update the Google account. | |||||
CVE-2016-7651 | 1 Apple | 2 Iphone Os, Watchos | 2023-12-10 | 4.6 MEDIUM | 5.3 MEDIUM |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3.1.1 is affected. The issue involves the "Accounts" component, which allows local users to bypass intended authorization restrictions by leveraging the mishandling of an app uninstall. | |||||
CVE-2015-1000007 | 1 Wptf-image-gallery Project | 1 Wptf-image-gallery | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Remote file download vulnerability in wptf-image-gallery v1.03 | |||||
CVE-2016-0922 | 1 Emc | 1 Vipr Srm | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force guessing attack. |