Search Results (9601 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4544 1 Emc 1 Documentum Content Server 2025-04-12 N/A
EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626.
CVE-2015-6860 1 Hp 54 J8692a, J8693a, J8697a and 51 more 2025-04-12 N/A
HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859.
CVE-2015-7229 1 Twitter Project 1 Twitter 2025-04-12 N/A
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission.
CVE-2015-7238 1 Mcafee 1 Threat Intelligence Exchange 2025-04-12 N/A
The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files.
CVE-2015-7861 1 Accelerite 1 Radia Client Automation 2025-04-12 N/A
Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling.
CVE-2016-1235 2 Debian, Oar Project 2 Debian Linux, Oar 2025-04-12 N/A
The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options.
CVE-2016-1322 1 Cisco 1 Spark 2025-04-12 N/A
The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.
CVE-2016-7387 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-12 N/A
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000D where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
CVE-2016-7488 1 Teradata 1 Virtual Machine 2025-04-12 N/A
Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root.
CVE-2016-8561 1 Siemens 2 Simatic Cp 1543-1, Simatic Cp 1543-1 Firmware 2025-04-12 N/A
A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the engineering station could possibly get privileged access on affected devices.
CVE-2014-7298 1 Centrify 2 Centrify Suite, Directcontrol 2025-04-12 N/A
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.
CVE-2014-6350 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6349.
CVE-2015-2364 1 Microsoft 9 Windows 2003 Server, Windows 7, Windows 8 and 6 more 2025-04-12 N/A
The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability."
CVE-2015-2365 1 Microsoft 9 Windows 2003 Server, Windows 7, Windows 8 and 6 more 2025-04-12 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
CVE-2015-2371 1 Microsoft 9 Windows 2003 Server, Windows 7, Windows 8 and 6 more 2025-04-12 N/A
The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script associated with a .msi package, aka "Windows Installer EoP Vulnerability."
CVE-2015-5889 1 Apple 1 Mac Os X 2025-04-12 N/A
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
CVE-2014-5207 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-12 N/A
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
CVE-2015-3270 1 Apache 1 Ambari 2025-04-12 N/A
Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords.
CVE-2015-4927 1 Ibm 1 Tivoli Storage Manager 2025-04-12 N/A
The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file.
CVE-2014-6288 1 Alex Kellner 1 Powermail 2025-04-12 N/A
The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors.