Search Results (5673 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1336 3 Canonical, Debian, Man-db Project 3 Ubuntu Linux, Debian Linux, Man-db 2025-04-20 N/A
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
CVE-2015-8697 1 Stalin Project 1 Stalin 2025-04-20 N/A
stalin 0.11-5 allows local users to write to arbitrary files.
CVE-2015-9021 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled.
CVE-2015-9024 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications.
CVE-2015-9040 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API.
CVE-2015-9064 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated.
CVE-2016-1178 1 Appleple 1 A-blog Cms 2025-04-20 N/A
The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.
CVE-2016-2788 1 Puppet 2 Marionette Collective, Puppet Enterprise 2025-04-20 N/A
MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command.
CVE-2015-7501 1 Redhat 22 Data Grid, Enterprise Linux, Jboss A-mq and 19 more 2025-04-20 N/A
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CVE-2016-0214 1 Ibm 1 Bigfix Platform 2025-04-20 N/A
IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an unsuspecting victim to execute the file.
CVE-2016-0308 1 Ibm 1 Connections 2025-04-20 N/A
IBM Connections 5.5 and earlier is vulnerable to possible link manipulation attack that could result in the display of inappropriate background images.
CVE-2016-3729 1 Moodle 1 Moodle 2025-04-20 N/A
The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator.
CVE-2017-1002100 1 Kubernetes 1 Kubernetes 2025-04-20 N/A
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
CVE-2014-8362 1 Vivint 2 Sky Control Panel, Sky Control Panel Firmware 2025-04-20 N/A
Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface.
CVE-2016-5964 1 Ibm 1 Security Privileged Identity Manager 2025-04-20 N/A
IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.
CVE-2017-14031 1 Trihedral 1 Vtscada 2025-04-20 N/A
An Improper Access Control issue was discovered in Trihedral VTScada 11.3.03 and prior. A local, non-administrator user has privileges to read and write to the file system of the target machine.
CVE-2016-7408 1 Dropbear Ssh Project 1 Dropbear Ssh 2025-04-20 N/A
The dbclient in Dropbear SSH before 2016.74 allows remote attackers to execute arbitrary code via a crafted (1) -m or (2) -c argument.
CVE-2016-8032 1 Mcafee 1 Anti-malware Scan Engine 2025-04-20 N/A
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file.
CVE-2016-8236 1 Lenovo 6 Thinkserver Firmware, Thinkserver Rd350, Thinkserver Rd450 and 3 more 2025-04-20 N/A
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77.
CVE-2016-8274 1 Huawei 1 Hisuite 2025-04-20 N/A
Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code.