CVEbaza.plSłownik CWECWE-264
Common Weakness Enumeration

CWE-264

CVE: 5489
Podatności CVE z CWE-264 (5489)
10.0
CVSS
CRITICAL
CVE-2016-8363

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server.

pub. 2017-02-13
10.0
CVSS
CRITICAL
CVE-2016-7457

VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote authenticated users to gain privileges, or halt and remove virtual machines, via unspecified vectors.

pub. 2016-12-29
10.0
CVSS
CRITICAL
CVE-2015-7425

The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.

pub. 2016-02-21
10.0
CVSS
CRITICAL
CVE-2015-8267

The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.

pub. 2015-12-24
10.0
CVSS
CRITICAL
CVE-2015-7919

SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.

pub. 2015-12-21
10.0
CVSS
HIGH
CVE-2015-7071

The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname.

pub. 2015-12-11
10.0
CVSS
HIGH
CVE-2015-8440

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-8409 and CVE-2015-8453.

pub. 2015-12-10
10.0
CVSS
HIGH
CVE-2015-8236

Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716.

pub. 2015-11-19
10.0
CVSS
HIGH
CVE-2015-7861

Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling.

pub. 2015-10-19
10.0
CVSS
HIGH
CVE-2015-7709

The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation.

pub. 2015-10-05
10.0
CVSS
HIGH
CVE-2015-0546

EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name.

pub. 2015-06-17
10.0
CVSS
HIGH
CVE-2015-4032

projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors.

pub. 2015-05-29
10.0
CVSS
HIGH
CVE-2015-3435

Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.

pub. 2015-05-01
10.0
CVSS
HIGH
CVE-2015-3459

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.

pub. 2015-04-29
10.0
CVSS
HIGH
CVE-2015-0932

The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.

pub. 2015-04-05
10.0
CVSS
HIGH
CVE-2015-2284

userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.

pub. 2015-03-24
10.0
CVSS
HIGH
CVE-2015-1498

Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.

pub. 2015-02-16
10.0
CVSS
HIGH
CVE-2014-9353

NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors.

pub. 2015-02-06
10.0
CVSS
HIGH
CVE-2015-1448

The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors.

pub. 2015-02-02
10.0
CVSS
HIGH
CVE-2014-4495

The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app.

pub. 2015-01-30
Pokazano 20 z 5489 podatności
Informacje
ID: CWE-264
Podatności: 5489
MITRE CWE ↗
← Słownik CWE