Search Results (5496 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4382 1 Hp 1 Performance Center 2025-04-12 N/A
HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue.
CVE-2014-7298 1 Centrify 2 Centrify Suite, Directcontrol 2025-04-12 N/A
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.
CVE-2016-1531 1 Exim 1 Exim 2025-04-12 N/A
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
CVE-2016-4565 4 Canonical, Debian, Linux and 1 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2025-04-12 7.8 High
The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface.
CVE-2016-4573 1 Fortinet 22 Fortiswitch, Fsw-1024d, Fsw-1048d and 19 more 2025-04-12 N/A
Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account.
CVE-2016-2521 1 Wireshark 1 Wireshark 2025-04-12 N/A
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
CVE-2014-0640 1 Emc 1 Rsa Archer Egrc 2025-04-12 N/A
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.
CVE-2014-3431 2 Apple, Symantec 3 Mac Os X, Encryption Desktop, Pgp Desktop 2025-04-12 N/A
Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors.
CVE-2014-3132 1 Sap 1 Background Processing 2025-04-12 N/A
SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.
CVE-2014-3417 1 Jasig 1 Uportal 2025-04-12 N/A
uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.
CVE-2014-3416 1 Jasig 1 Uportal 2025-04-12 N/A
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet.
CVE-2016-2313 2 Cacti, Opensuse 3 Cacti, Leap, Opensuse 2025-04-12 N/A
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
CVE-2014-0849 1 Ibm 2 Maximo Asset Management, Smartcloud Control Desk 2025-04-12 N/A
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups.
CVE-2015-1029 1 Puppet 2 Puppet Enterprise, Stdlib 2025-04-12 N/A
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
CVE-2016-2160 1 Redhat 2 Openshift, Openshift Origin 2025-04-12 N/A
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image.
CVE-2016-3843 1 Google 1 Android 2025-04-12 N/A
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.
CVE-2014-4757 1 Ibm 1 Content Collector 2025-04-12 N/A
The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary mailbox by invoking the Search function.
CVE-2015-3290 1 Linux 1 Linux Kernel 2025-04-12 N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
CVE-2016-4802 1 Haxx 1 Curl 2025-04-12 N/A
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.
CVE-2016-3693 2 Redhat, Safemode Project 3 Satellite, Satellite Capsule, Safemode 2025-04-12 N/A
The Safemode gem before 1.2.4 for Ruby, when initialized with a delegate object that is a Rails controller, allows context-dependent attackers to obtain sensitive information via the inspect method.