Search Results (9528 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-10372 1 Eir 2 D1000 Modem, D1000 Modem Firmware 2025-04-20 N/A
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.
CVE-2015-4685 1 Polycom 1 Realpresence Resource Manager 2025-04-20 N/A
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration.
CVE-2015-4045 1 Alienvault 1 Open Source Security Information Management 2025-04-20 N/A
The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script.
CVE-2014-8708 1 Pluck-cms 1 Pluck 2025-04-20 N/A
Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.
CVE-2015-3617 1 Fortinet 1 Fortimanager Firmware 2025-04-20 N/A
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
CVE-2015-3229 1 Fedoraproject 2 Atomic, Spin-kickstarts 2025-04-20 N/A
fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates.
CVE-2015-1795 1 Redhat 3 Enterprise Linux, Gluster Storage, Storage 2025-04-20 N/A
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root.
CVE-2015-1591 1 Kamailio 1 Kamailio 2025-04-20 N/A
The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.
CVE-2015-1590 1 Kamailio 1 Kamailio 2025-04-20 N/A
The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl.
CVE-2015-0162 1 Ibm 1 Security Siteprotector System 2025-04-20 N/A
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
CVE-2014-9610 1 Netsweeper 1 Netsweeper 2025-04-20 N/A
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
CVE-2016-10398 1 Google 1 Android 2025-04-20 N/A
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X.
CVE-2017-6954 1 Buddypress 1 Buddypress 2025-04-20 N/A
An issue was discovered in includes/component.php in the BuddyPress Docs plugin before 1.9.3 for WordPress. It is possible for authenticated users to edit documents of other users without proper permissions.
CVE-2015-5675 1 Freebsd 1 Freebsd 2025-04-20 N/A
The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic).
CVE-2013-6446 1 Cloudera 1 Cdh 2025-04-20 N/A
The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.
CVE-2015-5699 1 Cumulusnetworks 1 Cumulus Linux 2025-04-20 N/A
The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label.
CVE-2015-2889 1 Summerinfant 2 Baby Zoom Wifi Monitor, Baby Zoom Wifi Monitor Firmware 2025-04-20 8.8 High
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to gain privileges via manual entry of a Settings URL.
CVE-2016-9197 1 Cisco 1 Mobility Services Engine 2025-04-20 N/A
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).
CVE-2017-4982 1 Emc 1 Mainframe Enablers Resourcepak Base 2025-04-20 N/A
EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2016-9386 2 Citrix, Xen 2 Xenserver, Xen 2025-04-20 N/A
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.