Total
906 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-7078 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | N/A |
foreman before version 1.15.0 is vulnerable to an information leak through organizations and locations feature. When a user is assigned _no_ organizations/locations, they are able to view all resources instead of none (mirroring an administrator's view). The user's actions are still limited by their assigned permissions, e.g. to control viewing, editing and deletion. | ||||
CVE-2016-7077 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2024-11-21 | N/A |
foreman before 1.14.0 is vulnerable to an information leak. It was found that Foreman form helper does not authorize options for associated objects. Unauthorized user can see names of such objects if their count is less than 6. | ||||
CVE-2016-7071 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM. | ||||
CVE-2016-7035 | 2 Clusterlabs, Redhat | 4 Pacemaker, Enterprise Linux, Enterprise Linux Server and 1 more | 2024-11-21 | N/A |
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain root access on the machine. | ||||
CVE-2016-10859 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). | ||||
CVE-2016-10848 | 1 Cpanel | 1 Cpanel | 2024-11-21 | N/A |
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). | ||||
CVE-2016-10734 | 1 Projectsend | 1 Projectsend | 2024-11-21 | N/A |
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log.export.php. | ||||
CVE-2016-0373 | 1 Ibm | 1 Urbancode Deploy | 2024-11-21 | N/A |
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive information due to UCD REST endpoints not properly authorizing users when determining who can read data. IBM X-Force ID: 112119. | ||||
CVE-2015-7463 | 1 Ibm | 1 Business Process Manager | 2024-11-21 | N/A |
IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow remote authenticated users to delete process and task data by leveraging incorrect authorization checks. IBM X-Force ID: 108393. | ||||
CVE-2015-5463 | 1 Axiomsl | 1 Axiom | 2024-11-21 | N/A |
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI services) 9.5.3 and earlier allows remote attackers to (1) access data of other basic users through arbitrary SQL commands, (2) perform a horizontal and vertical privilege escalation, (3) cause a Denial of Service on global application, or (4) write/read/delete arbitrary files on server hosting the application. | ||||
CVE-2015-3954 | 1 Pifzer | 6 Plum A\+3 Infusion System, Plum A\+3 Infusion System Firmware, Plum A\+ Infusion System and 3 more | 2024-11-21 | N/A |
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pump. Hospira recommends that customers close Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue. | ||||
CVE-2015-1780 | 1 Redhat | 2 Ovirt-engine, Virtualization | 2024-11-21 | 6.5 Medium |
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center | ||||
CVE-2015-10033 | 1 Merlinsboard Project | 1 Merlinsboard | 2024-11-21 | 3.5 Low |
A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The identifier of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability. | ||||
CVE-2014-6049 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A |
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass authorization via a crafted instance ID parameter. | ||||
CVE-2014-0197 | 1 Redhat | 3 Cloudforms, Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | 8.8 High |
CFME: CSRF protection vulnerability via permissive check of the referrer header | ||||
CVE-2014-0087 | 1 Redhat | 2 Cloudforms Management Engine, Cloudforms Managementengine | 2024-11-21 | N/A |
The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | ||||
CVE-2013-7245 | 1 Sybase | 1 Adaptive Server Enterprise | 2024-11-21 | N/A |
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859. | ||||
CVE-2013-4201 | 2 Katello, Redhat | 2 Katello, Satellite | 2024-11-21 | N/A |
Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions. | ||||
CVE-2024-48897 | 1 Moodle | 1 Moodle | 2024-11-20 | 6.5 Medium |
A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify. | ||||
CVE-2024-48901 | 1 Moodle | 1 Moodle | 2024-11-20 | 4.3 Medium |
A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report. |