Search Results (5677 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5714 1 Puppet 2 Puppet Agent, Puppet Enterprise 2025-04-20 7.2 High
Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability."
CVE-2015-3840 1 Google 1 Android 2025-04-20 N/A
The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.
CVE-2014-4707 1 Huawei 6 Campus S7700, Campus S7700 Firmware, Campus S9300 and 3 more 2025-04-20 N/A
Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or bootload software, bypass a Menu protection mechanism, conduct a Menu compromise attack, or bypass a Menu/upgrade protection mechanism.
CVE-2015-4649 1 Arubanetworks 1 Clearpass 2025-04-20 N/A
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
CVE-2014-3930 1 Lg Project 1 Lg 2025-04-20 N/A
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.
CVE-2015-6023 1 Netcommwireless 2 Hspa 3g10wve, Hspa 3g10wve Firmware 2025-04-20 N/A
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.
CVE-2014-3929 1 Lg Project 1 Lg 2025-04-20 N/A
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.
CVE-2017-6016 1 Leao Consultoria E Desenvolvimento De Sistemas 1 Ltda Me Laquis Scada 2025-04-20 N/A
An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges.
CVE-2015-7494 1 Ibm 2 Cloud Orchestrator, Smartcloud Orchestrator 2025-04-20 N/A
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
CVE-2014-3928 1 Lg Project 1 Lg 2025-04-20 N/A
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.
CVE-2015-5293 1 Redhat 1 Enterprise Virtualization Manager 2025-04-20 N/A
Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid SLAAC IPv6 addresses to interfaces when "boot protocol" is set to None, which might allow remote attackers to communicate with a system designated to be unreachable.
CVE-2016-9956 3 Debian, Fedoraproject, Flightgear 3 Debian Linux, Fedora, Flightgear 2025-04-20 N/A
The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
CVE-2017-15114 1 Redhat 1 Openstack Platform 2025-04-20 N/A
When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes.
CVE-2015-8008 2 Fedoraproject, Mediawiki 2 Fedora, Mediawiki 2025-04-20 N/A
The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token.
CVE-2017-17448 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-20 N/A
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.
CVE-2016-9818 1 Xen 1 Xen 2025-04-20 N/A
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
CVE-2015-9047 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup.
CVE-2015-9006 1 Google 1 Android 2025-04-20 N/A
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
CVE-2015-9029 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory.
CVE-2016-9415 2 Microsoft, Mybb 3 Windows, Merge System, Mybb 2025-04-20 N/A
MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."