| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote authenticated users to bypass intended privilege requirements and delete the private messages of arbitrary users via unspecified vectors. |
| The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. |
| The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. |
| VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to create or overwrite arbitrary files, and consequently execute arbitrary code or cause a denial of service, by leveraging Virtual Appliance Management Interface (VAMI) web-interface access. |
| VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction with an empty password. |
| A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. |
| Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0624. |
| Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-0622. |
| The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by appending commands. |
| The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. |
| Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a direct request. |
| The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service. |
| NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and earlier, and 2.5 Rev 2244 and earlier does not provide access control, which allows remote attackers to perform arbitrary RAID disk operations via unspecified vectors. |
| The Simeji application 4.8.1 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. |
| The ArtIME Japanese Input application 1.1.2 and earlier for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. |
| The COBIME application before 0.9.4 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local filesystem. |
| Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do not restrict a touch event to a single IFRAME element, which allows remote attackers to obtain sensitive information or possibly conduct cross-site scripting (XSS) attacks via a crafted HTML document. |
| The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810. |
| IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote authenticated users to modify virtual-system deployment via deployer.virtualsystems CLI commands, as demonstrated by a deletion using a deployer.virtualsystems[#].delete command. |
| The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file. |