Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7707 | 1 Igniterealtime | 1 Openfire | 2024-02-28 | 6.5 MEDIUM | N/A |
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. | |||||
CVE-2016-3799 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bug ALPS02693738. | |||||
CVE-2015-8939 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021. | |||||
CVE-2016-2293 | 1 Accuenergy | 4 Acuvim Ii, Acuvim Ii Net Firmware, Acuvim Iir and 1 more | 2024-02-28 | 7.5 HIGH | 8.6 HIGH |
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. | |||||
CVE-2015-7709 | 1 Arkeia | 1 Western Digital Arkeia | 2024-02-28 | 10.0 HIGH | N/A |
The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation. | |||||
CVE-2015-6101 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-28 | 6.9 MEDIUM | N/A |
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6100. | |||||
CVE-2016-5248 | 1 Lenovo | 1 Solution Center | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows local users to terminate arbitrary processes via the PID argument. | |||||
CVE-2016-2288 | 1 Cogentdatahub | 1 Cogent Datahub | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. | |||||
CVE-2015-5498 | 1 Shipwire Api Project | 1 Shipwire Api | 2024-02-28 | 5.0 MEDIUM | N/A |
The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page. | |||||
CVE-2015-8660 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. | |||||
CVE-2015-3283 | 1 Openafs | 1 Openafs | 2024-02-28 | 6.8 MEDIUM | N/A |
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. | |||||
CVE-2015-1974 | 1 Ibm | 1 Tivoli Directory Server | 2024-02-28 | 6.5 MEDIUM | N/A |
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors. | |||||
CVE-2016-3310 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3309, and CVE-2016-3311. | |||||
CVE-2016-1742 | 1 Apple | 1 Itunes | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
CVE-2016-1416 | 1 Cisco | 1 Prime Collaboration Provisioning | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. | |||||
CVE-2015-6520 | 1 Ippusbxd Project | 1 Ippusbxd | 2024-02-28 | 7.5 HIGH | N/A |
IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request. | |||||
CVE-2015-2430 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2024-02-28 | 9.3 HIGH | N/A |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified filesystem actions via a crafted application, aka "Windows Filesystem Elevation of Privilege Vulnerability." | |||||
CVE-2015-6619 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | N/A |
The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. | |||||
CVE-2015-8485 | 1 Cybozu | 1 Office | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152. | |||||
CVE-2015-8236 | 1 Arista | 1 Eos | 2024-02-28 | 10.0 HIGH | N/A |
Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, 4.14 before 4.14.5FX.5, and 4.15 before 4.15.0FX1.1 allows remote attackers to execute arbitrary code as root by leveraging management-plane access, aka Bug 138716. |