5260 matches found
DEBIAN-CVE-2013-4300
The scmcheckcreds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing...
CVE-2013-4300
The scmcheckcreds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing...
UBUNTU-CVE-2013-4300
The scmcheckcreds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing...
Design/Logic Flaw
mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a...
Oracle Linux 5 : kernel (ELSA-2009-0473)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2009-0473 advisory. - misc exitnotify: kill the wrong capable check 494270 494271 CVE-2009-1337 - misc fork: CLONEPARENT && parentexecid interaction Don Howard 479963 4799...
Design/Logic Flaw
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object...
CVE-2012-6106
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object...
CVE-2012-6106
CVE-2012-6106 affects Moodle 2.4.x (before 2.4.1). The issue is an omitted capability check in calendar/managesubscriptions.php, allowing remote authenticated users (via the student role) to remove course-level calendar subscriptions by sending an iCalendar object. Connected sources confirm the a...
DEBIAN-CVE-2012-4421
The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...
CVE-2012-4421
The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...
CVE-2012-4421
CVE-2012-4421 affects WordPress versions before 3.4.2. The vulnerability is in the function create_post in wp-includes/class-wp-atom-server.php, which does not perform a capability check. This allows remote authenticated users with the Contributor role to bypass intended access restrictions and p...
CVE-2012-3388
The isenrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...
CVE-2012-3388
The isenrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...
UBUNTU-CVE-2012-3388
The isenrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...
CVE-2012-3388
The isenrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores...
Linux Kernel子系统连接器缺少能力检查漏洞
BUGTRAQ ID: 36834 CVECAN ID: CVE-2009-3725 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的drivers/video/uvesafb.c、drivers/staging/pohmelfs/config.c、drivers/staging/dst/dcore.c和drivers/md/dm-log-userspace-transfer.c驱动中缺少能力检查,非特权用户可以向某些使用连接器的子系统发送netlink报文执行一些非授权的操作。 Linux kernel 2.6.x 厂商补丁: Linux...
Design/Logic Flaw
The z90cryptunlockedioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage...
kernel: missing capability check in z90crypt
The z90cryptunlockedioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage...
kernel: missing check before setting mount propagation
The dochangetype function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAPSYSADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint...