Total
5446 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-1662 | 1 Vmware | 2 Player, Workstation | 2024-09-17 | N/A |
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function. | ||||
CVE-2016-8482 | 1 Google | 1 Android | 2024-09-17 | N/A |
An elevation of privilege vulnerability in the NVIDIA GPU driver. Product: Android. Versions: Android kernel. Android ID: A-31799863. References: N-CVE-2016-8482. | ||||
CVE-2012-2719 | 2 Blaine Lang, Drupal | 2 Filedepot, Drupal | 2024-09-17 | N/A |
The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed using multiple different browsers from the same IP address, causes Internet Explorer sessions to "switch users" when uploading a file, which has unspecified impact possibly involving file uploads to the wrong user directory, aka "Session Management Vulnerability." | ||||
CVE-2015-9016 | 1 Google | 1 Android | 2024-09-17 | N/A |
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046. | ||||
CVE-2011-3172 | 1 Suse | 1 Suse Linux Enterprise Server | 2024-09-17 | N/A |
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. | ||||
CVE-2003-1575 | 2 Sun, Symantec | 2 Solaris, Vxfs | 2024-09-17 | N/A |
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. | ||||
CVE-2015-9008 | 1 Google | 1 Android | 2024-09-17 | N/A |
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689. | ||||
CVE-2022-42459 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2024-09-17 | 7.2 High |
Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. | ||||
CVE-2015-7227 | 1 Fieldable Panels Panes Project | 1 Fieldable Panels Panes | 2024-09-17 | N/A |
The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels. | ||||
CVE-2004-2769 | 1 Cerberusftp | 1 Ftp Server | 2024-09-17 | N/A |
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands. | ||||
CVE-2019-15277 | 1 Cisco | 1 Telepresence Collaboration Endpoint | 2024-09-17 | 6.7 Medium |
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, local attacker to execute code with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating as the remote support user and sending malicious traffic to a listener who is internal to the device. A successful exploit could allow the attacker to execute commands with root privileges. | ||||
CVE-2014-10057 | 1 Qualcomm | 28 Mdm9615, Mdm9615 Firmware, Mdm9625 and 25 more | 2024-09-17 | N/A |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions. | ||||
CVE-2012-1434 | 4 Ahnlab, Emsisoft, Ikarus and 1 more | 4 V3 Internet Security, Anti-malware, Ikarus Virus Utilities T3 Command Line Scanner and 1 more | 2024-09-17 | N/A |
The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations. | ||||
CVE-2007-6740 | 1 G.rodola | 1 Pyftpdlib | 2024-09-17 | N/A |
The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does not limit the number of attempts to discover a unique filename, which might allow remote authenticated users to cause a denial of service via a STOU command. | ||||
CVE-2018-0284 | 1 Cisco | 12 Meraki Mr, Meraki Mr 24 Firmware, Meraki Mr 25 Firmware and 9 more | 2024-09-17 | N/A |
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited. | ||||
CVE-2010-5291 | 1 Amberdms | 1 Amberdms Billing System | 2024-09-17 | N/A |
Amberdms Billing System (ABS) before 1.4.1 does not properly implement blacklisting after detection of invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force approach. | ||||
CVE-2010-2099 | 1 E107 | 1 E107 | 2024-09-17 | N/A |
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method. | ||||
CVE-2013-6918 | 1 Satechi | 1 Smart Travel Router | 2024-09-17 | N/A |
The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests. | ||||
CVE-2011-2777 | 1 Tedfelix | 1 Acpid2 | 2024-09-17 | N/A |
samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands. | ||||
CVE-2013-5548 | 1 Cisco | 1 Ios | 2024-09-17 | N/A |
The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. |