Search Results (9531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2629 1 Hp 1 Nonstop Safeguard Security 2025-04-12 N/A
HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, and J06.03 through J06.17.01 does not properly evaluate the DISKFILE-PATTERN ACL of a program object file, which allows remote authenticated users to bypass intended restrictions on program access via vectors related to process-creation time.
CVE-2016-9566 2 Nagios, Redhat 3 Nagios, Openstack, Storage 2025-04-12 N/A
base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.
CVE-2016-3871 1 Google 1 Android 2025-04-12 N/A
Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022.
CVE-2015-0818 2 Mozilla, Redhat 4 Firefox, Firefox Esr, Seamonkey and 1 more 2025-04-12 N/A
Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation.
CVE-2014-0629 1 Emc 1 Documentum Taskspace 2025-04-12 N/A
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.
CVE-2016-3869 1 Google 1 Android 2025-04-12 N/A
The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070.
CVE-2015-1904 1 Ibm 1 Business Process Manager 2025-04-12 N/A
IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action.
CVE-2014-9869 1 Google 1 Android 2025-04-12 N/A
drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711.
CVE-2016-3861 1 Google 1 Android 2025-04-12 N/A
LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543.
CVE-2014-4817 1 Ibm 1 Tivoli Storage Manager 2025-04-12 N/A
The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before 6.3.5.10 and 7.x before 7.1.1.100 allows remote attackers to bypass intended access restrictions and replace file backups by using a certain backup option in conjunction with a filename that matches a previously used filename.
CVE-2014-0002 2 Apache, Redhat 9 Camel, Fuse Esb Enterprise, Fuse Management Console and 6 more 2025-04-12 N/A
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2014-0005 1 Redhat 6 Jboss Bpms, Jboss Brms, Jboss Enterprise Application Platform and 3 more 2025-04-12 N/A
PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application.
CVE-2014-6602 1 Microsoft 2 Nokia Asha 501, Nokia Asha 501 Software 2025-04-12 N/A
Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 allows physically proximate attackers to bypass the lock-screen protection mechanism, and read or modify contact information or dial arbitrary telephone numbers, by tapping the SOS Option and then tapping the Green Call Option.
CVE-2014-9868 1 Google 1 Android 2025-04-12 N/A
drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976.
CVE-2015-7425 1 Ibm 2 Tivoli Storage Flashcopy Manager For Vmware, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware 2025-04-12 N/A
The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.4 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.4 allows remote attackers to obtain administrative privileges via a crafted URL that triggers back-end function execution.
CVE-2014-0067 2 Apple, Postgresql 3 Mac Os X, Mac Os X Server, Postgresql 2025-04-12 N/A
The "make check" command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster.
CVE-2014-8412 1 Digium 2 Asterisk, Certified Asterisk 2025-04-12 N/A
The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.x before 13.0.1 and Certified Asterisk 1.8.28 before 1.8.28-cert3 and 11.6 before 11.6-cert8 allows remote attackers to bypass the ACL restrictions via a packet with a source IP that does not share the address family as the first ACL entry.
CVE-2014-3521 1 Redhat 2 Conga, Rhel Cluster 2025-04-12 N/A
The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
CVE-2013-3632 1 Openmediavault 1 Openmediavault 2025-04-12 8.8 High
The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter.
CVE-2016-3803 1 Google 1 Android 2025-04-12 N/A
The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.