Export limit exceeded: 361808 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9517 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4074 | 1 Microsoft | 5 Windows 8, Windows 8.1, Windows Rt and 2 more | 2025-04-12 | N/A |
| The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via an application that schedules a crafted task, aka "Task Scheduler Vulnerability." | ||||
| CVE-2014-4073 | 1 Microsoft | 1 .net Framework | 2025-04-12 | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability." | ||||
| CVE-2015-5352 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-12 | N/A |
| The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time window. | ||||
| CVE-2015-2517 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | N/A |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2511, CVE-2015-2518, and CVE-2015-2546. | ||||
| CVE-2014-3980 | 1 Daiki Ueno | 1 Libfep | 2025-04-12 | N/A |
| libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2016-1457 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | N/A |
| The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. | ||||
| CVE-2016-1290 | 2 Cisco, Sun | 3 Evolved Programmable Network Manager, Prime Infrastructure, Opensolaris | 2025-04-12 | N/A |
| The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved Programmable Network Manager (EPNM) 1.2 allows remote authenticated users to bypass intended RBAC restrictions and gain privileges via an HTTP request that is inconsistent with a pattern filter, aka Bug ID CSCuy10227. | ||||
| CVE-2014-3969 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| Xen 4.4.x, when running on an ARM system, does not properly check write permissions on virtual addresses, which allows local guest administrators to gain privileges via unspecified vectors. | ||||
| CVE-2014-3963 | 1 Owncloud | 1 Owncloud | 2025-04-12 | N/A |
| ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors. | ||||
| CVE-2015-5737 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) mdare64_52.sys, and (5) Fortishield.sys drivers in Fortinet FortiClient before 5.2.4 do not properly restrict access to the API for management of processes and the Windows registry, which allows local users to obtain a privileged handle to a PID and possibly have unspecified other impact, as demonstrated by a 0x2220c8 ioctl call. | ||||
| CVE-2015-5770 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app. | ||||
| CVE-2015-4182 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | N/A |
| The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087. | ||||
| CVE-2015-4185 | 1 Cisco | 1 Ios | 2025-04-12 | N/A |
| The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202. | ||||
| CVE-2014-3133 | 1 Sap | 1 Netweaver Java Application Server | 2025-04-12 | N/A |
| SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to SystemSelection. | ||||
| CVE-2014-3131 | 1 Sap | 1 Profile Maintenance | 2025-04-12 | N/A |
| SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1. | ||||
| CVE-2015-4235 | 1 Cisco | 2 Application Policy Infrastructure Controller \(apic\), Nx-os | 2025-04-12 | N/A |
| Cisco Application Policy Infrastructure Controller (APIC) devices with software before 1.0(3o) and 1.1 before 1.1(1j) and Nexus 9000 ACI devices with software before 11.0(4o) and 11.1 before 11.1(1j) do not properly restrict access to the APIC filesystem, which allows remote authenticated users to obtain root privileges via unspecified use of the APIC cluster-management configuration feature, aka Bug IDs CSCuu72094 and CSCuv11991. | ||||
| CVE-2016-3939 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224. | ||||
| CVE-2016-3938 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30019716 and Qualcomm internal bug CR 1049232. | ||||
| CVE-2016-3931 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR 1036418. | ||||
| CVE-2016-3930 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138. | ||||