Export limit exceeded: 12845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12845 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6784 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350755. References: MT-ALPS02961424.
CVE-2016-6783 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350044. References: MT-ALPS02943437.
CVE-2017-3509 2 Oracle, Redhat 6 Jdk, Jre, Enterprise Linux and 3 more 2025-04-20 N/A
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N).
CVE-2014-3928 1 Lg Project 1 Lg 2025-04-20 N/A
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.
CVE-2014-3929 1 Lg Project 1 Lg 2025-04-20 N/A
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.
CVE-2014-3930 1 Lg Project 1 Lg 2025-04-20 N/A
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.
CVE-2016-6782 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31224389. References: MT-ALPS02943506.
CVE-2014-9489 1 Gollum Project 3 Gollum, Gollum-lib, Grit Adapter 2025-04-20 N/A
The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -O or --open-files-in-pager flags.
CVE-2016-6781 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31095175. References: MT-ALPS02943455.
CVE-2016-6780 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31251496.
CVE-2014-9611 1 Netsweeper 1 Netsweeper 2025-04-20 N/A
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
CVE-2014-9618 1 Netsweeper 1 Netsweeper 2025-04-20 N/A
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
CVE-2016-6779 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the HTC sound codec driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31386004.
CVE-2017-1264 1 Ibm 1 Security Guardium 2025-04-20 N/A
IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739.
CVE-2017-9316 1 Dahuasecurity 18 Ipc-hdbw4x00, Ipc-hdbw4x00 Firmware, Ipc-hdbw5x00 and 15 more 2025-04-20 N/A
Firmware upgrade authentication bypass vulnerability was found in Dahua IPC-HDW4300S and some IP products. The vulnerability was caused by internal Debug function. This particular function was used for problem analysis and performance tuning during product development phase. It allowed the device to receive only specific data (one direction, no transmit) and therefore it was not involved in any instance of collecting user privacy data or allowing remote code execution.
CVE-2017-14018 1 Ethicon 2 Endo-surgery Generator Gen11, Endo-surgery Generator Gen11 Firmware 2025-04-20 N/A
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.
CVE-2015-3442 1 Soreco 1 Xpert.line 2025-04-20 N/A
Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call.
CVE-2015-4649 1 Arubanetworks 1 Clearpass 2025-04-20 N/A
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
CVE-2017-5237 1 Eviewgps 2 Ev-07s Gps Tracker, Ev-07s Gps Tracker Firmware 2025-04-20 N/A
Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"
CVE-2017-5254 1 Cambiumnetworks 4 Epmp 1000, Epmp 1000 Firmware, Epmp 2000 and 1 more 2025-04-20 N/A
In version 3.5 and prior of Cambium Networks ePMP firmware, the non-administrative users 'installer' and 'home' have the capability of changing passwords for other accounts, including admin, after disabling a client-side protection mechanism.