Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3848 1 Imember360 1 Imember360 2025-04-12 N/A
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.
CVE-2014-3663 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors.
CVE-2014-3665 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 N/A
Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveraging access to the slave.
CVE-2016-3904 1 Google 1 Android 2025-04-12 N/A
An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30311977. References: Qualcomm QC-CR#1050455.
CVE-2016-6704 1 Google 1 Android 2025-04-12 N/A
An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-30229821.
CVE-2016-6717 1 Google 1 Android 2025-04-12 N/A
An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability. Android ID: A-31350239.
CVE-2016-6729 1 Google 1 Android 2025-04-12 N/A
An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684.
CVE-2016-6730 1 Google 1 Android 2025-04-12 N/A
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30904789. References: NVIDIA N-CVE-2016-6730.
CVE-2016-2445 1 Google 2 Android, Nexus 9 2025-04-12 N/A
The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079.
CVE-2015-8267 1 Dovestones 1 Ad Self Password Reset 2025-04-12 N/A
The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.
CVE-2016-0178 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-12 N/A
The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles free operations, which allows remote attackers to execute arbitrary code via malformed RPC requests, aka "RPC Network Data Representation Engine Elevation of Privilege Vulnerability."
CVE-2013-2027 2 Jython Project, Opensuse 2 Jython, Opensuse 2025-04-12 N/A
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
CVE-2016-3266 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-12 N/A
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3376, CVE-2016-7185, and CVE-2016-7211.
CVE-2015-2791 1 Wpml 1 Wpml 2025-04-12 N/A
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
CVE-2016-7444 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2025-04-12 N/A
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
CVE-2015-3082 5 Adobe, Apple, Linux and 2 more 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085.
CVE-2016-2489 1 Google 1 Android 2025-04-12 N/A
The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629.
CVE-2016-2060 1 Google 1 Android 2025-04-12 N/A
server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application.
CVE-2015-2758 1 Mcafee 1 Data Loss Prevention Endpoint 2025-04-12 N/A
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or possibly have other unspecified impact via a crafted URL.
CVE-2015-8941 1 Google 1 Android 2025-04-12 N/A
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473.