Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3218 1 Polkit Project 1 Polkit 2025-04-12 N/A
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
CVE-2014-4373 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
The IntelAccelerator driver in the IOAcceleratorFamily subsystem in Apple iOS before 8 and Apple TV before 7 allows attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted application.
CVE-2014-4374 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
NSXMLParser in Foundation in Apple iOS before 8 allows attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2015-5068 1 Sap 1 Mobile Platform 2025-04-12 N/A
XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.
CVE-2015-2925 4 Canonical, Debian, Linux and 1 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2025-04-12 N/A
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
CVE-2015-6775 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
CVE-2014-4459 1 Apple 5 Iphone Os, Itunes, Mac Os X and 2 more 2025-04-12 N/A
Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
CVE-2013-4546 1 Gitlab 2 Gitlab, Gitlab-shell 2025-04-12 N/A
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
CVE-2015-5932 1 Apple 1 Mac Os X 2025-04-12 N/A
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.
CVE-2013-6774 4 Androidsu, Chainfire, Google and 1 more 4 Chainsdd Superuser, Supersu, Android and 1 more 2025-04-12 N/A
Untrusted search path vulnerability in the ChainsDD Superuser package 3.1.3 for Android 4.2.x and earlier, CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier, and Chainfire SuperSU package before 1.69 for Android 4.2.x and earlier allows attackers to load an arbitrary .jar file and gain privileges via a crafted BOOTCLASSPATH environment variable for a /system/xbin/su process. NOTE: another researcher was unable to reproduce this with ChainsDD Superuser.
CVE-2014-4634 1 Emc 2 Appsync, Replication Manager 2025-04-12 N/A
Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.
CVE-2014-4752 1 Ibm 40 Bladecenter 10g Vfsm, Bladecenter 10g Vfsm Firmware, Bladecenter 1\/10g and 37 more 2025-04-12 N/A
IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, and G8264-T switches before 7.9.10.0; EN4093, EN4093R, CN4093, SI4093, EN2092, and G8264CS switches before 7.8.6.0; Flex System Interconnect Fabric before 7.8.6.0; 1G L2-7 SLB switch for Bladecenter before 21.0.21.0; 10G VFSM for Bladecenter before 7.8.14.0; 1:10G switch for Bladecenter before 7.4.8.0; 1G switch for Bladecenter before 5.3.5.0; Server Connectivity Module before 1.1.3.4; System Networking RackSwitch G8332 before 7.7.17.0; and System Networking RackSwitch G8000 before 7.1.7.0 have hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2014-4756 1 Ibm 1 Rational License Key Server 2025-04-12 N/A
The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4.x before 8.1.4.4 allows remote authenticated users to hijack sessions via unspecified vectors.
CVE-2014-0007 2 Redhat, Theforeman 4 Openstack, Satellite, Satellite Capsule and 1 more 2025-04-12 N/A
The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path parameter to tftp/fetch_boot_file.
CVE-2014-4834 1 Ibm 1 Websphere Commerce 2025-04-12 N/A
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application crash) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
CVE-2015-7823 1 Kentico 1 Kentico Cms 2025-04-12 N/A
Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter.
CVE-2014-0186 1 Redhat 1 Enterprise Linux 2025-04-12 N/A
A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.
CVE-2015-5539 5 Adobe, Apple, Linux and 2 more 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more 2025-04-12 N/A
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.
CVE-2014-5073 1 Vmturbo 1 Operations Manager 2025-04-12 N/A
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.
CVE-2014-0206 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-12 N/A
Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.