2997 matches found
Xen Elevation of Privilege Vulnerability
Xen is a virtualization technology used in the Linux kernel that allows multiple operating systems to run simultaneously. An elevation of privilege vulnerability exists in Xen 4.1.x through 4.6.x that allows a local user to write a read-only disk image...
CVE-2015-7311
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image...
UBUNTU-CVE-2015-7311
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image...
CVE-2015-6464
The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin...
CVE-2015-6464
CVE-2015-6464 affects Moxa EDS-405A/EDS-408A switches. The administrative web interface contains an improper privilege management flaw that lets remote authenticated users bypass the read-only protection via a Firefox web developer plugin. Impact: elevation of privileges (read/write where only re...
CVE-2015-6464
The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin...
Input validation
Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified...
Cisco TelePresence Video Communication Server Expressway Arbitrary Command Execution Vulnerability
Cisco TelePresence Video Communication Server VCS Expressway is a TelePresence video communication server from Cisco that integrates with Unified Communications and voice communication environments to provide the best possible experience for end users using a variety of communication tools. A...
CVE-2015-4328
Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, as demonstrated by read or write operations on the Unified...
pacemaker: acl read-only access allow role assignment
A flaw was found in the way pacemaker, a cluster resource manager, evaluated added nodes in certain situations. A user with read-only access could potentially assign any other existing roles to themselves and then add privileges to other users as well...
PT-2015-5478 · Clusterlabs +3 · Pacemaker +3
Name of the Vulnerable Software and Affected Versions: Pacemaker versions prior to 1.1.13 Description: The issue allows remote read-only users to gain privileges via an acl command due to improper evaluation of added nodes. Recommendations: For versions prior to 1.1.13, update to version 1.1.13 o...
[SECURITY] Fedora 22 Update: squashfs-tools-4.3-11.fc22
Squashfs is a highly compressed read-only filesystem for Linux. This packa ge contains the utilities for manipulating squashfs filesystems...
CVE-2015-1223
Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger extraneous change...
Direct SAN Restore for thick disk VDDK error: One of the parameters supplied is invalid
Challenge When performing a write operation using Direct-SAN transport mode e.g., Entire VM Restore, VM Hard Disk Restore, or initial run of a replication job the task fails with the error: Unable to execute write operation using advanced transport, failing over to network mode... ERR |VDDK error...
Design/Logic Flaw
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app...
CVE-2014-4495
The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app...
Apple TV and iOS Kernel Shared Memory Subsystem Elevation of Privilege Vulnerability
Apple iOS is the latest operating system for Apple's iPhone and iPod touch devices. Apple TV is Apple's way of allowing photos, videos and music from PCs and iPods to be transmitted wirelessly to a TV in high definition. Apple TV and iOS handle a security issue with the kernel's shared memory...
libvirt: dumpxml: information leak with migratable flag
It was found that when the VIRDOMAINXMLMIGRATABLE flag was used, the QEMU driver implementation of the virDomainGetXMLDesc function could bypass the restrictions of the VIRDOMAINXMLSECURE flag. A remote attacker able to establish a read-only connection to libvirtd could use this flaw to leak...
USN-2416-1: Linux kernel (EC2) vulnerabilities
Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service memory corruption or OOPS. CVE-2014-4608 Andy Lutomirski discovered that the Linux kernel was not checking the CAPSYSADMIN when remounting...
USN-2415-1: Linux kernel vulnerability
Don Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service memory corruption or OOPS. CVE-2014-4608 Andy Lutomirski discovered that the Linux kernel was not checking the CAPSYSADMIN when remounting...