Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3773 1 Google 1 Android 2025-04-12 N/A
The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008363 and MediaTek internal bug ALPS02703102.
CVE-2014-2200 1 Cisco 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more 2025-04-12 N/A
Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH session to a management interface, aka Bug ID CSCti11629.
CVE-2015-7016 1 Apple 1 Mac Os X 2025-04-12 N/A
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.
CVE-2014-3125 1 Xen 1 Xen 2025-04-12 N/A
Xen 4.4.x, when running on an ARM system, does not properly context switch the CNTKCTL_EL1 register, which allows local guest users to modify the hardware timers and cause a denial of service (crash) via unspecified vectors.
CVE-2014-2033 1 Bluecoat 1 Proxysgos 2025-04-12 N/A
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.
CVE-2014-1959 1 Gnu 1 Gnutls 2025-04-12 N/A
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
CVE-2015-6383 1 Cisco 1 Ios Xe 2025-04-12 N/A
Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130.
CVE-2015-6348 1 Cisco 1 Secure Access Control Server 2025-04-12 N/A
The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page.
CVE-2015-6347 1 Cisco 1 Secure Access Control Server 2025-04-12 N/A
The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page.
CVE-2014-6602 1 Microsoft 2 Nokia Asha 501, Nokia Asha 501 Software 2025-04-12 N/A
Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or dial arbitrary telephone numbers, by tapping the SOS Option and then tapping the Green Call Option.
CVE-2015-0691 1 Cisco 1 Secure Desktop 2025-04-12 N/A
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
CVE-2015-3256 3 Opensuse, Polkit Project, Redhat 3 Opensuse, Polkit, Enterprise Linux 2025-04-12 N/A
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
CVE-2015-5737 1 Fortinet 1 Forticlient 2025-04-12 N/A
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call.
CVE-2015-5735 1 Fortinet 1 Forticlient 2025-04-12 N/A
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call.
CVE-2015-8485 1 Cybozu 1 Office 2025-04-12 N/A
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8486, and CVE-2016-1152.
CVE-2015-8484 1 Cybozu 1 Office 2025-04-12 N/A
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8486, and CVE-2016-1152.
CVE-2015-5536 1 Belkin 2 N300 Dual-band Wi-fi Range Extender, N300 Dual-band Wi-fi Range Extender Firmware 2025-04-12 N/A
Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request.
CVE-2015-5228 2 Criu, Opensuse 2 Checkpoint\/restore In Userspace, Opensuse 2025-04-12 N/A
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.
CVE-2015-5222 1 Redhat 1 Openshift 2025-04-12 N/A
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors.
CVE-2015-5198 2 Canonical, Libvdpau Project 2 Ubuntu Linux, Libvdpau 2025-04-12 N/A
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.