Search Results (5694 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3928 1 Lg Project 1 Lg 2025-04-20 N/A
Cougar-LG stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials.
CVE-2014-3929 1 Lg Project 1 Lg 2025-04-20 N/A
The default configuration for Cougar-LG stores sensitive information under the web root with insufficient access control, which might allow remote attackers to obtain private ssh keys.
CVE-2014-3930 1 Lg Project 1 Lg 2025-04-20 N/A
lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials.
CVE-2014-4707 1 Huawei 6 Campus S7700, Campus S7700 Firmware, Campus S9300 and 3 more 2025-04-20 N/A
Huawei Campus S7700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9300 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300; S9700 with software V200R001C00SPC300, V200R002C00SPC100, V200R003C00SPC300 allow unauthorized users to upgrade the bootrom or bootload software, bypass a Menu protection mechanism, conduct a Menu compromise attack, or bypass a Menu/upgrade protection mechanism.
CVE-2014-8168 1 Redhat 1 Satellite 2025-04-20 7.8 High
Red Hat Satellite 6 allows local users to access mongod and delete pulp_database.
CVE-2015-0104 1 Ibm 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more 2025-04-20 N/A
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2015-0110 1 Ibm 2 Business Process Manager, Websphere Application Server 2025-04-20 N/A
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
CVE-2015-1336 3 Canonical, Debian, Man-db Project 3 Ubuntu Linux, Debian Linux, Man-db 2025-04-20 N/A
The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use.
CVE-2015-3840 1 Google 1 Android 2025-04-20 N/A
The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.
CVE-2015-7315 1 Plone 1 Plone 2025-04-20 N/A
Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator.
CVE-2015-7494 1 Ibm 2 Cloud Orchestrator, Smartcloud Orchestrator 2025-04-20 N/A
A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API call, provided it would have been possible for the domain admin user to gain access to a resource identifier of the other domain.
CVE-2015-8139 1 Ntp 1 Ntp 2025-04-20 N/A
ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors.
CVE-2015-8140 1 Ntp 1 Ntp 2025-04-20 N/A
The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network.
CVE-2015-8275 1 Eparaksts 2 Edoc-libraries, Eparakstitajs 3 2025-04-20 N/A
LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.
CVE-2015-8284 1 Seawell Networks 1 Spectrum Sdc 2025-04-20 N/A
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
CVE-2015-8973 1 Mybb 2 Merge System, Mybb 2025-04-20 N/A
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.
CVE-2015-8987 1 Mcafee 1 Agent 2025-04-20 N/A
Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server.
CVE-2015-9006 1 Google 1 Android 2025-04-20 N/A
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
CVE-2015-9021 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled.
CVE-2015-9024 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications.