Lucene search
K

2997 matches found

CNVD
CNVD
added 2015/10/04 12:0 a.m.11 views

Xen Elevation of Privilege Vulnerability

Xen is a virtualization technology used in the Linux kernel that allows multiple operating systems to run simultaneously. An elevation of privilege vulnerability exists in Xen 4.1.x through 4.6.x that allows a local user to write a read-only disk image...

3.6CVSS8.3AI score0.00417EPSS
Exploits0References1
OSV
OSV
added 2015/10/01 8:59 p.m.9 views

CVE-2015-7311

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image...

7.4AI score
Exploits0References10
OSV
OSV
added 2015/10/01 8:59 p.m.4 views

UBUNTU-CVE-2015-7311

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image...

3.6CVSS7.2AI score0.00417EPSS
Exploits0References3
NVD
NVD
added 2015/09/11 4:59 p.m.16 views

CVE-2015-6464

The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin...

8.5CVSS6.3AI score0.02004EPSS
Exploits0References2
CVE
CVE
added 2015/09/11 4:0 p.m.50 views

CVE-2015-6464

CVE-2015-6464 affects Moxa EDS-405A/EDS-408A switches. The administrative web interface contains an improper privilege management flaw that lets remote authenticated users bypass the read-only protection via a Firefox web developer plugin. Impact: elevation of privileges (read/write where only re...

8.5CVSS6.5AI score0.02004EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2015/09/11 4:0 p.m.24 views

CVE-2015-6464

The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin...

6.3AI score0.02004EPSS
Exploits0References2
Prion
Prion
added 2015/08/20 12:59 a.m.17 views

Input validation

Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified...

4CVSS7.7AI score0.01983EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2015/08/20 12:0 a.m.4 views

Cisco TelePresence Video Communication Server Expressway Arbitrary Command Execution Vulnerability

Cisco TelePresence Video Communication Server VCS Expressway is a TelePresence video communication server from Cisco that integrates with Unified Communications and voice communication environments to provide the best possible experience for end users using a variety of communication tools. A...

4CVSS7.4AI score0.01983EPSS
Exploits0References1
Cvelist
Cvelist
added 2015/08/20 12:0 a.m.24 views

CVE-2015-4328

Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified...

7.2AI score0.01983EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2015/07/20 2:6 p.m.6 views

pacemaker: acl read-only access allow role assignment

A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well...

7.5CVSS5.7AI score0.03EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2015/07/20 12:0 a.m.4 views

PT-2015-5478 · Clusterlabs +3 · Pacemaker +3

Name of the Vulnerable Software and Affected Versions: Pacemaker versions prior to 1.1.13 Description: The issue allows remote read-only users to gain privileges via an acl command due to improper evaluation of added nodes. Recommendations: For versions prior to 1.1.13, update to version 1.1.13 o...

7.5CVSS8.8AI score0.03EPSS
Exploits1References28
Fedora
Fedora
added 2015/07/19 1:57 a.m.32 views

[SECURITY] Fedora 22 Update: squashfs-tools-4.3-11.fc22

Squashfs is a highly compressed read-only filesystem for Linux. This packa ge contains the utilities for manipulating squashfs filesystems...

7.5CVSS1.2AI score0.0691EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2015/03/08 12:0 a.m.30 views

CVE-2015-1223

Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...

7.5CVSS7.3AI score0.01851EPSS
Exploits0References5
Veeam
Veeam
added 2015/02/10 12:0 a.m.14 views

Direct SAN Restore for thick disk VDDK error: One of the parameters supplied is invalid

Challenge When performing a write operation using Direct-SAN transport mode e.g., Entire VM Restore, VM Hard Disk Restore, or initial run of a replication job the task fails with the error: Unable to execute write operation using advanced transport, failing over to network mode... ERR |VDDK error...

7.4AI score
Exploits0Affected Software1
Prion
Prion
added 2015/01/30 11:59 a.m.20 views

Design/Logic Flaw

The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app...

10CVSS5.9AI score0.02939EPSS
Exploits0References7Affected Software3
Cvelist
Cvelist
added 2015/01/30 11:0 a.m.27 views

CVE-2014-4495

The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app...

2.8AI score0.02939EPSS
Exploits0References7
CNVD
CNVD
added 2015/01/30 12:0 a.m.4 views

Apple TV and iOS Kernel Shared Memory Subsystem Elevation of Privilege Vulnerability

Apple iOS is the latest operating system for Apple's iPhone and iPod touch devices. Apple TV is Apple's way of allowing photos, videos and music from PCs and iPods to be transmitted wirelessly to a TV in high definition. Apple TV and iOS handle a security issue with the kernel's shared memory...

10CVSS7.4AI score0.02939EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/01/05 8:29 p.m.6 views

libvirt: dumpxml: information leak with migratable flag

It was found that when the VIRDOMAINXMLMIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc function could bypass the restrictions of the VIRDOMAINXMLSECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak...

5CVSS6.9AI score0.01905EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2014/11/25 3:10 a.m.96 views

USN-2416-1: Linux kernel (EC2) vulnerabilities

Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service memory corruption or OOPS. CVE-2014-4608 Andy Lutomirski discovered that the Linux kernel was not checking the CAPSYSADMIN when remounting...

7.5CVSS6.8AI score0.05421EPSS
Exploits0
Ubuntu
Ubuntu
added 2014/11/25 3:8 a.m.93 views

USN-2415-1: Linux kernel vulnerability

Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service memory corruption or OOPS. CVE-2014-4608 Andy Lutomirski discovered that the Linux kernel was not checking the CAPSYSADMIN when remounting...

7.5CVSS6.8AI score0.05421EPSS
Exploits0
Rows per page
Query Builder