Total
5483 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7358 | 4 Ciphershed, Idrix, Microsoft and 1 more | 4 Ciphershed, Veracrypt, Windows and 1 more | 2025-04-20 | N/A |
| The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory. | ||||
| CVE-2016-10151 | 1 Hesiod Project | 1 Hesiod | 2025-04-20 | N/A |
| The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary. | ||||
| CVE-2016-7786 | 1 Sophos | 2 Cyberoam Cr25ing Utm, Cyberoam Cr25ing Utm Firmware | 2025-04-20 | N/A |
| Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated users to bypass intended access restrictions via direct object reference, as demonstrated by a request for Licenseinformation.jsp. This is fixed in 10.6.5. | ||||
| CVE-2015-0864 | 1 Samsung | 2 Galaxy App, Samsung Account App | 2025-04-20 | N/A |
| Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | ||||
| CVE-2015-0863 | 1 Samsung | 2 Galaxy App, Samsung Account App | 2025-04-20 | N/A |
| GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | ||||
| CVE-2015-7317 | 2 Kupu Project, Plone | 2 Kupu, Plone | 2025-04-20 | N/A |
| Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. | ||||
| CVE-2015-0296 | 2 Fedoraproject, Tug | 2 Fedora, Texlive | 2025-04-20 | N/A |
| The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. | ||||
| CVE-2015-0162 | 1 Ibm | 1 Security Siteprotector System | 2025-04-20 | N/A |
| IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | ||||
| CVE-2017-6623 | 1 Cisco | 1 Policy Suite | 2025-04-20 | N/A |
| A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands as root. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the appliance. The user has to be logged-in to the device with valid credentials for a specific set of users. The Cisco Policy Suite application is vulnerable when running software versions 10.0.0, 10.1.0, or 11.0.0. Cisco Bug IDs: CSCvc07366. | ||||
| CVE-2017-6624 | 1 Cisco | 1 Ios | 2025-04-20 | N/A |
| A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939. | ||||
| CVE-2014-9696 | 1 Huawei | 2 Tecal E9000 Chassis, Tecal E9000 Chassis Firmware | 2025-04-20 | N/A |
| The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation. | ||||
| CVE-2014-9695 | 1 Huawei | 2 Tecal E9000 Chassis, Tecal E9000 Chassis Firmware | 2025-04-20 | N/A |
| The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user. | ||||
| CVE-2016-8235 | 1 Lenovo | 1 Customer Care Software Development Kit | 2025-04-20 | N/A |
| Privilege escalation in Lenovo Customer Care Software Development Kit (CCSDK) versions earlier than 2.0.16.3 allows local users to execute code with elevated privileges. | ||||
| CVE-2016-8202 | 1 Broadcom | 1 Fabric Operating System | 2025-04-20 | N/A |
| A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters. | ||||
| CVE-2014-9921 | 1 Mcafee | 1 Cloud Analysis And Deconstructive Services | 2025-04-20 | N/A |
| Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error. | ||||
| CVE-2016-9867 | 1 Emc | 1 Scaleio | 2025-04-20 | N/A |
| An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers. | ||||
| CVE-2014-9262 | 1 Snapcreek | 1 Duplicator | 2025-04-20 | N/A |
| The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. | ||||
| CVE-2014-9909 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684. | ||||
| CVE-2017-12268 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-20 | N/A |
| A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539. | ||||
| CVE-2016-9984 | 1 Ibm | 1 Maximo Asset Management | 2025-04-20 | N/A |
| IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. | ||||