Total
5226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0267 | 1 Apache | 1 Vcl | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or conduct cross-site scripting (XSS) attacks by leveraging improper data validation. | |||||
| CVE-2014-9959 | 1 Google | 1 Android | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694. | |||||
| CVE-2015-1416 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file. | |||||
| CVE-2014-10057 | 1 Qualcomm | 28 Mdm9615, Mdm9615 Firmware, Mdm9625 and 25 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions. | |||||
| CVE-2014-9503 | 1 Open Atrium Project | 1 Open Atrium | 2024-02-28 | 5.5 MEDIUM | 6.5 MEDIUM |
| The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging improper access checks on unspecified ajax callbacks. | |||||
| CVE-2014-1946 | 1 Opendocman | 1 Opendocman | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to themselves via a crafted request to signup.php. | |||||
| CVE-2015-7964 | 1 Gemalto | 1 Safenet Authentication Service For Nps Agent | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2014-1889 | 1 Buddypress | 1 Buddypress | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check. | |||||
| CVE-2016-10457 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, app is requesting more permissions than required. | |||||
| CVE-2013-3947 | 1 Ahnlab | 1 V3 Internet Security | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call. | |||||
| CVE-2015-7963 | 1 Gemalto | 1 Safenet Authentication Service For Ad Fs Agent | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2014-9954 | 1 Google | 1 Android | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559. | |||||
| CVE-2015-2560 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-02-28 | 5.0 MEDIUM | 9.8 CRITICAL |
| Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | |||||
| CVE-2015-7317 | 2 Kupu Project, Plone | 2 Kupu, Plone | 2024-02-28 | 4.9 MEDIUM | 6.8 MEDIUM |
| Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. | |||||
| CVE-2016-5863 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. | |||||
| CVE-2015-3229 | 1 Fedoraproject | 2 Atomic, Spin-kickstarts | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates. | |||||
| CVE-2015-1878 | 1 Thalesesecurity | 7 Nshield Connect 1500, Nshield Connect 1500\+, Nshield Connect 500 and 4 more | 2024-02-28 | 4.6 MEDIUM | 6.8 MEDIUM |
| Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel. | |||||
| CVE-2013-7432 | 1 Mapsplugin | 1 Googlemaps | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism. | |||||
| CVE-2015-4165 | 1 Elasticsearch | 1 Elasticsearch | 2024-02-28 | 6.0 MEDIUM | 7.5 HIGH |
| The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code. | |||||
| CVE-2014-5070 | 1 Microsemi | 2 S350i, S350i Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page. | |||||