Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5784 | 1 Apple | 1 Mac Os X | 2017-09-21 | 9.3 HIGH | N/A |
| runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2015-4535 | 1 Emc | 1 Documentum Content Server | 2017-09-21 | 7.5 HIGH | N/A |
| Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket. | |||||
| CVE-2015-4533 | 1 Emc | 1 Documentum Content Server | 2017-09-21 | 9.0 HIGH | N/A |
| EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. | |||||
| CVE-2015-4303 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2017-09-21 | 6.5 MEDIUM | N/A |
| Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. | |||||
| CVE-2015-4235 | 1 Cisco | 2 Application Policy Infrastructure Controller \(apic\), Nx-os | 2017-09-21 | 9.0 HIGH | N/A |
| Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991. | |||||
| CVE-2015-3772 | 1 Apple | 1 Mac Os X | 2017-09-21 | 7.2 HIGH | N/A |
| IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771. | |||||
| CVE-2015-3767 | 1 Apple | 1 Mac Os X | 2017-09-21 | 7.2 HIGH | N/A |
| udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via a malformed DMG image. | |||||
| CVE-2015-3761 | 1 Apple | 1 Mac Os X | 2017-09-21 | 7.2 HIGH | N/A |
| The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2015-3283 | 1 Openafs | 1 Openafs | 2017-09-21 | 6.8 MEDIUM | N/A |
| OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. | |||||
| CVE-2015-1905 | 1 Ibm | 1 Business Process Manager | 2017-09-21 | 4.0 MEDIUM | N/A |
| The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions on task-variable value changes via unspecified vectors. | |||||
| CVE-2015-1904 | 1 Ibm | 1 Business Process Manager | 2017-09-21 | 3.5 LOW | N/A |
| IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action. | |||||
| CVE-2015-1489 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-21 | 8.5 HIGH | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | |||||
| CVE-2015-1328 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2017-09-21 | 7.2 HIGH | 7.8 HIGH |
| The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. | |||||
| CVE-2015-5367 | 1 Hp | 39 Elite X2 1010 G2, Elitebook 1040 G1, Elitebook 1040 G2 and 36 more | 2017-09-20 | 6.9 MEDIUM | N/A |
| The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2015-4322 | 1 Cisco | 1 Content Security Management Appliance | 2017-09-20 | 5.5 MEDIUM | N/A |
| Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. | |||||
| CVE-2013-5598 | 1 Mozilla | 2 Firefox, Firefox Esr | 2017-09-19 | 8.3 HIGH | N/A |
| PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object. | |||||
| CVE-2013-4277 | 1 Apache | 1 Subversion | 2017-09-19 | 3.3 LOW | N/A |
| Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. | |||||
| CVE-2013-3005 | 1 Ibm | 2 Aix, Vios | 2017-09-19 | 8.5 HIGH | N/A |
| The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors. | |||||
| CVE-2013-1737 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-09-19 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 do not properly identify the "this" object during use of user-defined getter methods on DOM proxies, which might allow remote attackers to bypass intended access restrictions via vectors involving an expando object. | |||||
| CVE-2013-1726 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-09-19 | 6.2 MEDIUM | N/A |
| Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 does not ensure exclusive access to a MAR file, which allows local users to gain privileges by creating a Trojan horse file after MAR signature verification but before MAR use. | |||||