4423 matches found
CVE-2014-5040
CVE-2014-5040 affects HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1. Remote authenticated users can bypass access restrictions and modify (1) access key credentials by knowing a key ID or (2) signing certificates by knowing a certificate ID. This is the conc...
Input validation
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input...
CVE-2015-5003
The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view authority and providing crafted input...
CVE-2015-4962
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational Team...
CVE-2015-5051
IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified...
CVE-2015-2007
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL...
Design/Logic Flaw
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.4 allows...
DEBIAN-CVE-2015-8467
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass...
SAP Mobile Platform SysAdminWebTool servlets elevation of privilege vulnerability
SAP Mobile Platform is a mobile application development platform from SAP. A security vulnerability in the SysAdminWebTool servlets of SAP Mobile Platform allows remote attackers to bypass authentication and gain access to sensitive information and privileges...
Design/Logic Flaw
EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump...
Cisco EPC3928 devices with EDVA security mechanism bypass vulnerability
The Cisco EPC3928 is a wireless router product from Cisco USA. A security mechanism bypass vulnerability exists in Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1. It allows remote attackers to bypass expected authentication requirements and perform unspecified administrative functions vi...
CVE-2015-8570
CVE-2015-8570 involves Lepide Active Directory Self Service. The vulnerability allows remote authenticated domain users to change arbitrary domain passwords via crafted requests during the password reset process, due to a flaw in how the reset functionality is processed. Multiple sources (NVD ent...
UBUNTU-CVE-2015-5343
Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which...
CVE-2015-6422
The CVE-2015-6422 entry concerns Cisco Unified Communications Domain Manager (CUCDM) self-service application in version 10.6(1). The vulnerability arises from improper handling of malformed requests by the self-service component, allowing an authenticated remote user to cause a denial of service...
CVE-2015-6419
Cisco FireSIGHT Management Center (versions 4.10.3, 5.2.0, 5.3.0, 5.3.1, 5.4.0) contains an information-disclosure vulnerability in the GET request handling. An authenticated, remote attacker can trigger the flaw by sending crafted GET requests due to improper sanitation of user-supplied input, p...
CVE-2015-3628
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6,...
McAfee Enterprise Security Manager Security Mechanism Bypass Vulnerability
McAfee Enterprise Security Manager is a security management product from the U.S.-based McAfee that calculates real-time baseline activity on all information collected and provides prioritized alerts on potential threats before they occur. A security mechanism bypass vulnerability exists in McAfee...
PYSEC-2015-41
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name...
ZTE ZXHN H108N R1A Privilege Bypass Vulnerability
The ZTE ZXHN H108N R1A is a wireless router product from China's ZTE Corporation. A security vulnerability exists in ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.hPE that allows remote attackers to authenticate using a pre-existing account and perform unauthorized operations by manipulating a paramete...