Lucene search

5260 matches found

OSV
added 2013/09/25 10:31 a.m. | 1 view

DEBIAN-CVE-2013-4300

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing...

CVSS 7.2 | AI score 6 | EPSS 0.00422
Exploits 1 | References 1
Debian CVE
added 2013/09/25 10:0 a.m. | 30 views

CVE-2013-4300

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing...

CVSS 7.2 | AI score 6.1 | EPSS 0.00422
Exploits 1
OSV
added 2013/09/25 12:0 a.m. | 3 views

UBUNTU-CVE-2013-4300

The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing...

CVSS 7.2 | AI score 6.5 | EPSS 0.00422
Exploits 1 | References 5
Prion
added 2013/07/29 1:59 p.m. | 8 views

Design/Logic Flaw

mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a...

CVSS 4 | AI score 6.1 | EPSS 0.01
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2013/07/12 12:0 a.m. | 61 views

Oracle Linux 5 : kernel (ELSA-2009-0473)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0473 advisory. - misc exit_notify: kill the wrong capable check 494270 494271 CVE-2009-1337 - misc fork: CLONE_PARENT && parent_exec_id interaction Don Howard 479963 4799...

CVSS 4.9 | AI score 5.6 | EPSS 0.01255
Exploits 3 | References 6
Prion
added 2013/01/27 10:55 p.m. | 22 views

Design/Logic Flaw

calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object...

CVSS 5.5 | AI score 6.7 | EPSS 0.01272
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2013/01/27 10:0 p.m. | 29 views

CVE-2012-6106

calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object...

AI score 6.1 | EPSS 0.01272
Exploits 0 | References 3
CVE
added 2013/01/27 10:0 p.m. | 46 views

CVE-2012-6106

CVE-2012-6106 affects Moodle 2.4.x (before 2.4.1). The issue is an omitted capability check in calendar/managesubscriptions.php, allowing remote authenticated users (via the student role) to remove course-level calendar subscriptions by sending an iCalendar object. Connected sources confirm the a...

CVSS 5.5 | AI score 6.3 | EPSS 0.01272
Exploits 0 | References 3 | Affected Software 1
OSV
added 2012/09/14 7:55 p.m. | 5 views

DEBIAN-CVE-2012-4421

The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...

CVSS 4 | AI score 6.7 | EPSS 0.01902
Exploits 1 | References 1
Debian CVE
added 2012/09/14 7:0 p.m. | 32 views

CVE-2012-4421

The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...

CVSS 4 | AI score 4.5 | EPSS 0.01902
Exploits 1
CVE
added 2012/09/14 7:0 p.m. | 137 views

CVE-2012-4421

CVE-2012-4421 affects WordPress versions before 3.4.2. The vulnerability is in the function create_post in wp-includes/class-wp-atom-server.php, which does not perform a capability check. This allows remote authenticated users with the Contributor role to bypass intended access restrictions and p...

CVSS 4 | AI score 6.2 | EPSS 0.01902
Exploits 1 | References 3 | Affected Software 1
NVD
added 2012/07/23 9:55 p.m. | 16 views

CVE-2012-3388

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...

CVSS 4 | AI score 6 | EPSS 0.01128
Exploits 0 | References 5
UbuntuCve
added 2012/07/23 9:55 p.m. | 20 views

CVE-2012-3388

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...

CVSS 4 | AI score 5.9 | EPSS 0.01128
Exploits 0 | References 3
OSV
added 2012/07/23 9:55 p.m. | 3 views

UBUNTU-CVE-2012-3388

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...

CVSS 4 | AI score 5.8 | EPSS 0.01128
Exploits 0 | References 4
Cvelist
added 2012/07/23 9:0 p.m. | 22 views

CVE-2012-3388

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...

AI score 5.9 | EPSS 0.01128
Exploits 0 | References 5
RedHat Linux
added 2010/04/27 12:46 p.m. | 64 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores...

CVSS 7.1 | AI score 7 | EPSS 0.03431
Exploits 6 | References 11
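seebug.org
added 2009/11/05 12:0 a.m. | 33 views

Linux Kernel Subsystem Connector Missing Capability Check Vulnerability

BUGTRAQ ID: 36834 CVE(CAN) ID: CVE-2009-3725 The Linux Kernel is the kernel used by the open-source operating system Linux. The drivers/video/uvesafb.c, drivers/staging/pohmelfs/config.c, drivers/staging/dst/dcore.c and drivers/md/dm-log-userspace-transfer.c drivers in the Linux Kernel lack capability checks, so unprivileged users can send netlink messages to certain subsystems that use the connector and perform unauthorized operations. Linux kernel 2.6.x Vendor patch: Linux...

CVSS 7.2 | AI score 0.2 | EPSS 0.00611
Exploits 2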
Prion
added 2009/09/18 10:30 a.m. | 29 views

Design/Logic Flaw

The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage...

CVSS 4.4 | AI score 6.5 | EPSS 0.00342
Exploits 1 | References 9 | Affected Software 1
RedHat Linux
added 2009/09/15 8:19 a.m. | 5 views

kernel: missing capability check in z90crypt

The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage...

CVSS 4.4 | AI score 5.8 | EPSS 0.00342
Exploits 1 | References 4
RedHat Linux
added 2008/09/24 6:43 p.m. | 5 views

kernel: missing check before setting mount propagation

The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint...

CVSS 7.8 | AI score 7.1 | EPSS 0.00375
Exploits 0 | References 4