Export limit exceeded: 361952 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9520 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5636 | 1 Newphoria Corporation | 1 Reversi | 2025-04-12 | N/A |
| The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2015-3847 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | ||||
| CVE-2015-5637 | 1 Newphoria Corporation | 1 1.1 | 2025-04-12 | N/A |
| The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2015-5715 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors. | ||||
| CVE-2015-4038 | 1 Wpmembership | 1 Wpmembership | 2025-04-12 | N/A |
| The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php. | ||||
| CVE-2015-5770 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app. | ||||
| CVE-2015-4182 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | N/A |
| The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087. | ||||
| CVE-2015-4185 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202. | ||||
| CVE-2013-1841 | 1 Seamons | 1 Net-server | 2025-04-12 | N/A |
| Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostname parameter. | ||||
| CVE-2015-4225 | 1 Cisco | 12 Nexus 93120tx, Nexus 93128tx, Nexus 9332pq and 9 more | 2025-04-12 | N/A |
| Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuq77485. | ||||
| CVE-2015-4231 | 1 Cisco | 3 Nexus 7000, Nexus 7700, Nx-os | 2025-04-12 | N/A |
| The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. | ||||
| CVE-2015-4282 | 1 Cisco | 1 Mobility Services Engine | 2025-04-12 | N/A |
| Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak permissions for unspecified binary files, which allows local users to obtain root privileges by writing to a file, aka Bug ID CSCuv40504. | ||||
| CVE-2015-8222 | 1 Canonical | 1 Ubuntu Linux | 2025-04-12 | N/A |
| The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-4287 | 1 Cisco | 1 Firepower Extensible Operating System | 2025-04-12 | N/A |
| Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230. | ||||
| CVE-2014-1314 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application. | ||||
| CVE-2015-4322 | 1 Cisco | 1 Content Security Management Appliance | 2025-04-12 | N/A |
| Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. | ||||
| CVE-2016-2160 | 1 Redhat | 2 Openshift, Openshift Origin | 2025-04-12 | N/A |
| Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | ||||
| CVE-2014-3431 | 2 Apple, Symantec | 3 Mac Os X, Encryption Desktop, Pgp Desktop | 2025-04-12 | N/A |
| Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. | ||||
| CVE-2015-4389 | 1 Open Graph Importer Project | 1 Open Graph Importer | 2025-04-12 | N/A |
| The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the "import og_tag_importer" permission. | ||||
| CVE-2015-7468 | 1 Ibm | 1 Jazz Reporting Service | 2025-04-12 | N/A |
| Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors. | ||||