Total
1964 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5072 | 1 Bmc | 1 Remedy Ar System Server | 2024-08-06 | 6.5 Medium |
| The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. | ||||
| CVE-2015-4719 | 1 Pexip | 1 Pexip Infinity | 2024-08-06 | 9.8 Critical |
| The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request. | ||||
| CVE-2015-4446 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-08-06 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-5090 and CVE-2015-5106. | ||||
| CVE-2015-3613 | 1 Fortinet | 1 Fortimanager | 2024-08-06 | 9.8 Critical |
| A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page | ||||
| CVE-2015-2909 | 1 Netvu | 40 Ds2 \(dvtr\), Ds2 \(dvtr\) Firmware, Ds2 \(dvtu\) and 37 more | 2024-08-06 | 9.8 Critical |
| Dedicated Micros DV-IP Express, SD Advanced, SD, EcoSense, and DS2 devices rely on a GUI warning to help ensure that the administrator configures login credentials, which makes it easier for remote attackers to obtain access by leveraging situations in which this warning was not heeded. NOTE: the vendor states "The user is presented with clear warnings on the GUI that they should set usernames and passwords." | ||||
| CVE-2015-0949 | 2 Dell, Hp | 4 Latitude E6430, Latitude E6430 Firmware, Elitebook 850 G1 and 1 more | 2024-08-06 | 7.8 High |
| The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory. | ||||
| CVE-2015-0239 | 5 Canonical, Debian, Linux and 2 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2024-08-06 | N/A |
| The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. | ||||
| CVE-2016-15002 | 1 Ideracorp | 1 Webyog Monyog Ultimate | 2024-08-06 | 7.3 High |
| A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely. | ||||
| CVE-2016-11002 | 1 Elegantthemes | 1 Extra | 2024-08-06 | 8.8 High |
| The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. | ||||
| CVE-2016-11011 | 1 Usabilitydynamics | 1 Wp-invoice | 2024-08-06 | 6.5 Medium |
| The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | ||||
| CVE-2016-11004 | 1 Elegantthemes | 1 Monarch | 2024-08-06 | 8.8 High |
| The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | ||||
| CVE-2016-11003 | 1 Elegantthemes | 1 Monarch | 2024-08-06 | 8.8 High |
| The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | ||||
| CVE-2016-10972 | 1 Tagdiv | 1 Newspaper | 2024-08-06 | 9.8 Critical |
| The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | ||||
| CVE-2016-10971 | 1 Membersonic | 1 Membersonic | 2024-08-06 | 9.8 Critical |
| The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required. | ||||
| CVE-2016-10968 | 1 Peepso | 1 Peepso | 2024-08-06 | 8.8 High |
| The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. | ||||
| CVE-2016-9928 | 3 Canonical, Debian, Mcabber | 3 Ubuntu Linux, Debian Linux, Mcabber | 2024-08-06 | 7.4 High |
| MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP packets. | ||||
| CVE-2016-9489 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-08-06 | N/A |
| In ManageEngine Applications Manager 12 and 13 before build 13200, an authenticated user is able to alter all of their own properties, including own group, i.e. changing their group to one with higher privileges like "ADMIN". A user is also able to change properties of another user, e.g. change another user's password. | ||||
| CVE-2016-8219 | 1 Cloudfoundry | 2 Capi-release, Cf-release | 2024-08-06 | 6.5 Medium |
| An issue was discovered in Cloud Foundry Foundation cf-release versions prior to 250 and CAPI-release versions prior to 1.12.0. A user with the SpaceAuditor role is over-privileged with the ability to restage applications. This could cause application downtime if the restage fails. | ||||
| CVE-2016-6590 | 1 Symantec | 4 Encryption Desktop, Endpoint Encryption, Ghost Solution Suite and 1 more | 2024-08-06 | 7.8 High |
| A privilege escalation vulnerability exists when loading DLLs during boot up and reboot in Symantec IT Management Suite 8.0 prior to 8.0 HF4 and Suite 7.6 prior to 7.6 HF7, Symantec Ghost Solution Suite 3.1 prior to 3.1 MP4, Symantec Endpoint Virtualization 7.x prior to 7.6 HF7, and Symantec Encryption Desktop 10.x prior to 10.4.1, which could let a local malicious user execute arbitrary code. | ||||
| CVE-2016-3376 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-08-05 | 7.8 High |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-7185, and CVE-2016-7211. | ||||