Search Results (9605 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-13707 1 Axcient 1 Replibit 2025-04-20 9.8 Critical
Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd.
CVE-2017-5207 1 Firejail Project 1 Firejail 2025-04-20 N/A
Firejail before 0.9.44.4, when running a bandwidth command, allows local users to gain root privileges via the --shell argument.
CVE-2015-8965 2 Oracle, Perforce 2 Data Integrator, Jviews 2025-04-20 9.8 Critical
Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not require explicit configuration of servlets that can be called.
CVE-2016-2779 1 Kernel 1 Util-linux 2025-04-20 N/A
runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
CVE-2015-7358 4 Ciphershed, Idrix, Microsoft and 1 more 4 Ciphershed, Veracrypt, Windows and 1 more 2025-04-20 N/A
The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.
CVE-2017-9724 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, user-level permissions can be used to gain access to kernel memory, specifically the ION cache maintenance code is writing to a user supplied address.
CVE-2016-8357 1 Lynxspring 1 Jenesys Bas Bridge 2025-04-20 N/A
An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application.
CVE-2016-5853 1 Google 1 Android 2025-04-20 N/A
In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value.
CVE-2015-0162 1 Ibm 1 Security Siteprotector System 2025-04-20 N/A
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges.
CVE-2016-5857 1 Google 1 Android 2025-04-20 N/A
The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.
CVE-2016-8960 1 Ibm 1 Cognos Business Intelligence 2025-04-20 N/A
IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie value from its HTTP request and then reusing it in subsequent requests. IBM Reference #: 1993718.
CVE-2016-4041 1 Plone 1 Plone 2025-04-20 N/A
Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors.
CVE-2016-5861 1 Google 1 Android 2025-04-20 N/A
In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow.
CVE-2015-3617 1 Fortinet 1 Fortimanager Firmware 2025-04-20 N/A
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
CVE-2016-8972 1 Ibm 2 Aix, Vios 2025-04-20 N/A
IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
CVE-2016-5864 1 Google 1 Android 2025-04-20 N/A
In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access.
CVE-2016-5868 1 Google 1 Android 2025-04-20 N/A
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process.
CVE-2013-7432 1 Mapsplugin 1 Googlemaps 2025-04-20 N/A
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism.
CVE-2014-9922 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 N/A
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
CVE-2016-6028 1 Ibm 1 Rational Collaborative Lifecycle Management 2025-04-20 N/A
IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view.