Search Results (9602 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2521 1 Wireshark 1 Wireshark 2025-04-12 N/A
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.
CVE-2015-1885 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors.
CVE-2016-9014 3 Canonical, Djangoproject, Fedoraproject 3 Ubuntu Linux, Django, Fedora 2025-04-12 N/A
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS.
CVE-2016-2556 2 Microsoft, Nvidia 3 Windows, Gpu Driver R340, Gpu Driver R352 2025-04-12 7.8 High
The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows improperly allows access to restricted functionality, which allows local users to gain privileges via unspecified vectors.
CVE-2015-1984 1 Ibm 1 Infosphere Master Data Management 2025-04-12 N/A
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks.
CVE-2016-2854 1 Linux 1 Linux Kernel 2025-04-12 7.8 High
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
CVE-2016-2856 3 Canonical, Debian, Gnu 3 Ubuntu Linux, Debian Linux, Glibc 2025-04-12 N/A
pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the elibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option.
CVE-2016-2968 1 Ibm 1 Security Qradar Incident Forensics 2025-04-12 N/A
IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors.
CVE-2016-2984 1 Ibm 2 General Parallel File System, Spectrum Scale 2025-04-12 N/A
IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program.
CVE-2014-0534 5 Adobe, Apple, Linux and 2 more 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0535.
CVE-2016-3157 2 Canonical, Xen 2 Ubuntu Linux, Xen 2025-04-12 N/A
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.
CVE-2015-2219 1 Lenovo 1 System Update 2025-04-12 N/A
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe.
CVE-2016-3169 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-12 N/A
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
CVE-2015-5888 1 Apple 1 Mac Os X 2025-04-12 N/A
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
CVE-2015-5897 1 Apple 1 Mac Os X 2025-04-12 N/A
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
CVE-2015-5961 1 Mozilla 1 Firefox Os 2025-04-12 N/A
The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server.
CVE-2015-5995 2 Mediabridge, Tenda 3 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware, N3 Wireless N150 2025-04-12 N/A
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
CVE-2015-6100 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2025-04-12 N/A
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6101.
CVE-2015-8025 2 Canonical, Xscreensaver Project 2 Ubuntu Linux, Xscreensaver 2025-04-12 N/A
driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
CVE-2015-6335 1 Cisco 1 Firesight System Software 2025-04-12 N/A
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839.