Search Results (9600 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1881 1 Freebsd 1 Freebsd 2025-04-20 N/A
The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause a denial of service (crash) or potentially gain privilege via a crafted Linux compatibility layer setgroups system call.
CVE-2016-1880 1 Freebsd 1 Freebsd 2025-04-20 N/A
The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists."
CVE-2016-1876 1 Lenovo 1 Solution Center 2025-04-20 N/A
The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors.
CVE-2016-10126 1 Splunk 1 Splunk 2025-04-20 N/A
Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840.
CVE-2016-10123 1 Firejail Project 1 Firejail 2025-04-20 N/A
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges.
CVE-2016-10122 1 Firejail Project 1 Firejail 2025-04-20 N/A
Firejail does not properly clean environment variables, which allows local users to gain privileges.
CVE-2016-10089 1 Nagios 1 Nagios 2025-04-20 N/A
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641.
CVE-2016-10118 1 Firejail Project 1 Firejail 2025-04-20 N/A
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /.
CVE-2016-10119 1 Firejail Project 1 Firejail 2025-04-20 N/A
Firejail uses 0777 permissions when mounting /tmp, which allows local users to gain privileges.
CVE-2014-0073 1 Apache 2 Cordova, Cordova In-app-browser 2025-04-20 N/A
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
CVE-2013-7432 1 Mapsplugin 1 Googlemaps 2025-04-20 N/A
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism.
CVE-2016-10120 1 Firejail Project 1 Firejail 2025-04-20 N/A
Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges.
CVE-2016-10121 1 Firejail Project 1 Firejail 2025-04-20 N/A
Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges.
CVE-2013-6446 1 Cloudera 1 Cdh 2025-04-20 N/A
The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.
CVE-2016-10700 1 Cacti 1 Cacti 2025-04-20 N/A
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
CVE-2015-0296 2 Fedoraproject, Tug 2 Fedora, Texlive 2025-04-20 N/A
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.
CVE-2014-9696 1 Huawei 2 Tecal E9000 Chassis, Tecal E9000 Chassis Firmware 2025-04-20 N/A
The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation.
CVE-2017-7489 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.
CVE-2014-9695 1 Huawei 2 Tecal E9000 Chassis, Tecal E9000 Chassis Firmware 2025-04-20 N/A
The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user.
CVE-2014-9610 1 Netsweeper 1 Netsweeper 2025-04-20 N/A
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.