Search Results (9531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1290 2 Cisco, Sun 3 Evolved Programmable Network Manager, Prime Infrastructure, Opensolaris 2025-04-12 N/A
The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227.
CVE-2015-8754 1 Acquia 1 Mollom 2025-04-12 N/A
The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors.
CVE-2014-5246 1 Tenda 2 A5s, A5s Firmware 2025-04-12 N/A
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
CVE-2015-8748 1 Radicale 1 Radicale 2025-04-12 N/A
Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*".
CVE-2016-2246 1 Hp 1 Thinpro 2025-04-12 N/A
HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors.
CVE-2014-0534 5 Adobe, Apple, Linux and 2 more 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0535.
CVE-2014-7998 1 Cisco 21 Aironet 1040, Aironet 1140, Aironet 1260 and 18 more 2025-04-12 N/A
Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509.
CVE-2014-7999 1 Cisco 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more 2025-04-12 N/A
Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565.
CVE-2014-8027 1 Cisco 1 Secure Access Control System 2025-04-12 N/A
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034.
CVE-2016-2855 1 Huawei 1 Mobile Broadband Hl Service 2025-04-12 N/A
The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll.
CVE-2015-5645 1 Icz 1 Matchasns 2025-04-12 N/A
ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors.
CVE-2014-4621 1 Emc 1 Documentum Content Server 2025-04-12 N/A
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.
CVE-2016-1990 1 Microfocus 1 Arcsight Enterprise Security Manager 2025-04-12 N/A
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
CVE-2014-3209 1 Nlnetlabs 1 Ldns 2025-04-12 N/A
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
CVE-2014-3602 1 Redhat 1 Openshift 2025-04-12 N/A
Red Hat OpenShift Enterprise before 2.2 allows local users to obtain IP address and port number information for remote systems by reading /proc/net/tcp.
CVE-2015-5157 2 Linux, Redhat 9 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 6 more 2025-04-12 N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
CVE-2014-1566 2 Google, Mozilla 2 Android, Firefox 2025-04-12 N/A
Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515.
CVE-2014-3088 1 Ibm 1 Sametime Meeting Server 2025-04-12 N/A
stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client to validate the file format used in wAttach?OpenForm multipart/form-data POST requests, which allows remote authenticated users to bypass intended upload restrictions by modifying the Content-Type header and file extension, as demonstrated by replacing a text/plain .txt upload with an application/octet-stream .exe upload.
CVE-2014-8368 1 Arubanetworks 1 Airwave 2025-04-12 N/A
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain privileges and execute arbitrary commands via unspecified vectors.
CVE-2015-4535 1 Emc 1 Documentum Content Server 2025-04-12 N/A
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket.