Search Results (9586 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-10103 1 Oracle 1 Flexcube Private Banking 2025-04-20 N/A
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
CVE-2016-6527 1 Samsung 1 Samsung Mobile 2025-04-20 N/A
The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
CVE-2016-6526 1 Samsung 1 Samsung Mobile 2025-04-20 N/A
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
CVE-2017-1000104 1 Jenkins 1 Config File Provider 2025-04-20 N/A
The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient permissions to configure the provided files, view the configuration of the folder in which the configuration files are defined, or have Job/Configure permissions to a job able to use these files.
CVE-2016-6788 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. References: MT-ALPS02943467.
CVE-2016-5374 1 Netapp 1 Data Ontap 2025-04-20 N/A
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
CVE-2016-4471 1 Redhat 2 Cloudforms, Cloudforms Managementengine 2025-04-20 N/A
ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.
CVE-2016-4435 1 Pivotal 1 Bosh Stemcell 2025-04-20 N/A
An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID.
CVE-2016-3998 1 Netapp 1 Altavault 2025-04-20 N/A
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
CVE-2015-4523 1 Symantec 2 Malware Analysis Appliance, Malware Analyzer G2 2025-04-20 N/A
Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, cause a denial of service (host reboot or reset to factory defaults), or execute arbitrary code via vectors related to saving files during analysis.
CVE-2017-1000382 1 Vim 1 Vim 2025-04-20 N/A
VIM version 8.0.1187 (and other versions most likely) ignores umask when creating a swap file ("[ORIGINAL_FILENAME].swp") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the vi binary.
CVE-2016-4455 1 Redhat 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more 2025-04-20 3.3 Low
The Subscription Manager package (aka subscription-manager) before 1.17.7-1 for Candlepin uses weak permissions (755) for subscription-manager cache directories, which allows local users to obtain sensitive information by reading files in the directories.
CVE-2016-3067 1 Cygwin 1 Cygwin 2025-04-20 N/A
Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.
CVE-2017-16520 1 Inedo 1 Buildmaster 2025-04-20 N/A
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.
CVE-2017-11681 1 Project Hashtopussy 1 Hashtopussy 2025-04-20 N/A
Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.
CVE-2014-9262 1 Snapcreek 1 Duplicator 2025-04-20 N/A
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.
CVE-2016-7613 1 Apple 4 Iphone Os, Mac Os X, Safari and 1 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages object-lifetime mishandling during process spawning.
CVE-2016-7628 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Assets" component, which allows local users to bypass intended permission restrictions and change a downloaded mobile asset via unspecified vectors.
CVE-2015-5682 1 Powerplay Gallery Project 1 Powerplay Gallery 2025-04-20 N/A
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable.
CVE-2014-3222 1 Huawei 1 Espace Meeting 2025-04-20 N/A
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources.