| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. |
| bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path. |
| HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID. |
| Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user. |
| The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. |
| Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter. |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization. |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls. |
| Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. |
| The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites." |
| The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials. |
| Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575. |
| The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue. |
| ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. |
| Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandles DLL loading, which allows local users to gain privileges via unspecified vectors, aka "Windows IME Elevation of Privilege Vulnerability." |
| Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability." |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandle caching for NTLM password-change requests, which allows local users to gain privileges via a crafted application, aka "Windows NTLM Elevation of Privilege Vulnerability." |
| The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." |
| The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. |
| libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges. |
