Search Results (9542 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2741 1 Igniterealtime 1 Openfire 2025-04-12 N/A
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
CVE-2014-2742 1 Isode 1 M-link 2025-04-12 N/A
Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack.
CVE-2014-2748 1 Sap 2 Enhancement Package, Erp 2025-04-12 N/A
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2016-2363 1 Fonality 1 Fonality 2025-04-12 N/A
Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 uses weak permissions for the /var/www/rpc/surun script, which allows local users to obtain root access for unspecified command execution by leveraging access to the nobody account.
CVE-2014-0060 2 Postgresql, Redhat 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more 2025-04-12 N/A
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
CVE-2014-0061 2 Postgresql, Redhat 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more 2025-04-12 N/A
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions.
CVE-2014-0249 2 Fedoraproject, Redhat 2 Sssd, Enterprise Linux 2025-04-12 N/A
The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors.
CVE-2016-3697 4 Docker, Linuxfoundation, Opensuse and 1 more 4 Docker, Runc, Opensuse and 1 more 2025-04-12 7.8 High
libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.
CVE-2016-9215 1 Cisco 1 Ios Xr 2025-04-12 N/A
A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE.
CVE-2016-7188 1 Microsoft 1 Windows 10 2025-04-12 N/A
The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."
CVE-2014-0470 1 Super Project 1 Super 2025-04-12 N/A
super.c in Super 3.30.0 does not check the return value of the setuid function when the -F flag is set, which allows local users to gain privileges via unspecified vectors, aka an RLIMIT_NPROC attack.
CVE-2016-2393 1 Lenovo 2 Fingerprint Manager, Touch Fingerprint 2025-04-12 N/A
Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks.
CVE-2015-6395 1 Cisco 1 Prime Service Catalog 2025-04-12 N/A
Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188.
CVE-2014-0484 1 Canonical 1 Acpi-support 2025-04-12 N/A
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."
CVE-2016-2457 1 Google 1 Android 2025-04-12 N/A
server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to bypass intended restrictions on Wi-Fi configuration changes by leveraging guest access, aka internal bug 27411179.
CVE-2016-2504 1 Google 1 Android 2025-04-12 N/A
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.
CVE-2016-3796 1 Google 1 Android 2025-04-12 N/A
The MediaTek power driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29008443 and MediaTek internal bug ALPS02677244.
CVE-2016-2556 2 Microsoft, Nvidia 3 Windows, Gpu Driver R340, Gpu Driver R352 2025-04-12 7.8 High
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.
CVE-2015-6606 1 Google 1 Android 2025-04-12 N/A
The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786.
CVE-2015-6621 1 Google 1 Android 2025-04-12 N/A
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438.