Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-10121 | 1 Firejail Project | 1 Firejail | 2025-04-20 | N/A |
| Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. | ||||
| CVE-2016-10122 | 1 Firejail Project | 1 Firejail | 2025-04-20 | N/A |
| Firejail does not properly clean environment variables, which allows local users to gain privileges. | ||||
| CVE-2016-10123 | 1 Firejail Project | 1 Firejail | 2025-04-20 | N/A |
| Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. | ||||
| CVE-2015-8993 | 1 Mcafee | 3 Cloud Av, Security Scan Plus, Security Webadvisor | 2025-04-20 | N/A |
| Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | ||||
| CVE-2015-8992 | 1 Mcafee | 3 Cloud Av, Security Scan Plus, Security Webadvisor | 2025-04-20 | N/A |
| Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | ||||
| CVE-2015-8954 | 1 Openinfosecfoundation | 1 Suricata | 2025-04-20 | N/A |
| The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafted HTTP request. | ||||
| CVE-2015-7260 | 1 Vertiv | 1 Liebert Multilink Automated Shutdown | 2025-04-20 | 7.8 High |
| Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file. | ||||
| CVE-2015-7274 | 1 Dell | 2 Integrated Remote Access Controller 6, Integrated Remote Access Controller Firmware | 2025-04-20 | N/A |
| Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | ||||
| CVE-2015-7359 | 4 Ciphershed, Idrix, Microsoft and 1 more | 4 Ciphershed, Veracrypt, Windows and 1 more | 2025-04-20 | N/A |
| The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes. | ||||
| CVE-2015-7875 | 1 Chaos Tool Suite Project | 1 Ctools | 2025-04-20 | N/A |
| ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page. | ||||
| CVE-2015-8110 | 1 Lenovo | 1 Lenovo System Update | 2025-04-20 | N/A |
| Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." | ||||
| CVE-2015-8671 | 1 Huawei | 1 Logcenter | 2025-04-20 | N/A |
| Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions. | ||||
| CVE-2015-8768 | 2 Canonical, Click Project | 2 Ubuntu Linux, Click | 2025-04-20 | N/A |
| click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone. | ||||
| CVE-2015-5244 | 1 Mod Nss Project | 1 Mod Nss | 2025-04-20 | N/A |
| The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | ||||
| CVE-2015-3188 | 1 Apache | 1 Storm | 2025-04-20 | N/A |
| The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-3222 | 1 Ossec | 1 Ossec | 2025-04-20 | N/A |
| syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. | ||||
| CVE-2015-3229 | 1 Fedoraproject | 2 Atomic, Spin-kickstarts | 2025-04-20 | N/A |
| fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates. | ||||
| CVE-2015-4629 | 1 Huawei | 2 E5756s, E5756s Firmware | 2025-04-20 | N/A |
| Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. | ||||
| CVE-2015-1324 | 1 Canonical | 1 Ubuntu Linux | 2025-04-20 | N/A |
| Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | ||||
| CVE-2015-1610 | 1 Opendaylight | 1 L2switch | 2025-04-20 | N/A |
| hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing." | ||||