Search Results (9600 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3915 1 Google 1 Android 2025-04-12 N/A
camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838.
CVE-2011-4573 1 Redhat 1 Jboss Operations Network 2025-04-12 N/A
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail.
CVE-2014-5268 1 Fasttoggle Project 1 Fasttoggle 2025-04-12 N/A
The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link.
CVE-2015-1085 1 Apple 1 Iphone Os 2025-04-12 N/A
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
CVE-2014-3632 2 Openstack, Redhat 2 Neutron, Openstack 2025-04-12 N/A
The default configuration in a sudoers file in the Red Hat openstack-neutron package before 2014.1.2-4, as used in Red Hat Enterprise Linux Open Stack Platform 5.0 for Red Hat Enterprise Linux 6, allows remote attackers to gain privileges via a crafted configuration file. NOTE: this vulnerability exists because of a CVE-2013-6433 regression.
CVE-2014-1552 1 Mozilla 2 Firefox, Thunderbird 2025-04-12 N/A
Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect.
CVE-2016-8632 1 Linux 1 Linux Kernel 2025-04-12 7.8 High
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.
CVE-2014-3689 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 N/A
The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling.
CVE-2015-3704 1 Apple 1 Mac Os X 2025-04-12 N/A
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
CVE-2014-8131 1 Redhat 1 Libvirt 2025-04-12 N/A
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.
CVE-2014-3790 1 Vmware 1 Vcenter Server Appliance 2025-04-12 N/A
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
CVE-2014-4124 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-4123.
CVE-2014-4200 2 Redhat, Vmware 4 Enterprise Linux, Tools, Vm-support and 1 more 2025-04-12 N/A
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.
CVE-2016-5729 1 Lenovo 1 Bios Efi Driver 2025-04-12 8.2 High
Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors.
CVE-2016-5723 1 Huawei 1 Fusioninsight Hd 2025-04-12 N/A
Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors.
CVE-2016-8103 1 Intel 19 Canyon Bios, Citry Bios, City Bios and 16 more 2025-04-12 N/A
SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform.
CVE-2016-8102 1 Intel 1 Wireless Bluetooth Drivers 2025-04-12 N/A
Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges.
CVE-2014-4685 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-12 N/A
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.
CVE-2014-8904 1 Ibm 2 Aix, Vios 2025-04-12 N/A
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.
CVE-2014-4684 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-12 N/A
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.