| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer role. |
| Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows remote authenticated users to gain privileges via unknown vectors. |
| luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291. |
| The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument. |
| Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header. |
| Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow physically proximate attackers to obtain shell access by opening a device's case and connecting a cable to a serial port, aka Cisco-Meraki defect ID 00302077. |
| Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. |
| Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565. |
| Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. |
| The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400. |
| Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users to bypass intended resource-access restrictions via a crafted tunnel-group parameter, aka Bug ID CSCtz48533. |
| The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. |
| The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin. |
| The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet. |
| The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors. |
| The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. |
| arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value. |
| The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: URL in the image location property. |
| RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header. |
| VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header. |
