Total
5226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4629 | 1 Huawei | 2 E5756s, E5756s Firmware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. | |||||
| CVE-2016-7818 | 1 Japan Pension Service | 4 Device Data Encryption Program, Specification Check Program, Todokesho Creation Program and 1 more | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2016-10364 | 1 Elastic | 1 Kibana | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions. | |||||
| CVE-2016-5860 | 1 Google | 1 Android | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
| In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow. | |||||
| CVE-2015-5699 | 1 Cumulusnetworks | 1 Cumulus Linux | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label. | |||||
| CVE-2016-7845 | 1 Gigaccsecure | 1 Gigacc Office | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
| GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload arbitrary files as a user profile image, which may be exploited for unauthorized file sharing. | |||||
| CVE-2016-5859 | 1 Google | 1 Android | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
| In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow. | |||||
| CVE-2015-5675 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). | |||||
| CVE-2015-4683 | 1 Polycom | 1 Realpresence Resource Manager | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests. | |||||
| CVE-2015-2673 | 1 Wpeasycart | 1 Wp Easycart | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in inc/admin/admin_ajax_functions.php in the WP EasyCart plugin 1.1.30 through 3.0.20 for WordPress allow remote attackers to gain administrator privileges and execute arbitrary code via the option_name and option_value parameters. | |||||
| CVE-2016-6804 | 2 Apache, Microsoft | 2 Openoffice, Windows | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon. | |||||
| CVE-2015-3643 | 2 Canonical, Usb-creator Project | 2 Ubuntu Linux, Usb-creator | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method. | |||||
| CVE-2014-7851 | 2 Ovirt, Redhat | 2 Ovirt, Ovirt-engine | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
| oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. | |||||
| CVE-2014-9610 | 1 Netsweeper | 1 Netsweeper | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php. | |||||
| CVE-2016-8493 | 1 Fortinet | 1 Forticlient | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. | |||||
| CVE-2016-2959 | 1 Ibm | 1 Sametime | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room manager to remove the primary managers privileges. IBM X-Force ID: 113804. | |||||
| CVE-2015-1378 | 1 Grml | 1 Grml-debootstrap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users. | |||||
| CVE-2014-0087 | 1 Redhat | 1 Cloudforms Management Engine | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authorization and gain privileges by leveraging improper RBAC checking, related to the rbac_user_edit action. | |||||
| CVE-2016-9972 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208. | |||||
| CVE-2016-3084 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
| The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected. | |||||