Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6526 1 Samsung 1 Samsung Mobile 2025-04-20 N/A
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
CVE-2014-0073 1 Apache 2 Cordova, Cordova In-app-browser 2025-04-20 N/A
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI.
CVE-2014-3222 1 Huawei 1 Espace Meeting 2025-04-20 N/A
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources.
CVE-2014-8428 1 Barracuda 1 Load Balancer 2025-04-20 N/A
Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key.
CVE-2014-8571 1 Huawei 6 Ascend P6 Edge-c00, Ascend P6 Edge-c00 Firmware, Ascend P6 Edge-t00 and 3 more 2025-04-20 N/A
Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones.
CVE-2014-9262 1 Snapcreek 1 Duplicator 2025-04-20 N/A
The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.
CVE-2014-9921 1 Mcafee 1 Cloud Analysis And Deconstructive Services 2025-04-20 N/A
Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error.
CVE-2014-9922 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 N/A
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
CVE-2015-0863 1 Samsung 2 Galaxy App, Samsung Account App 2025-04-20 N/A
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
CVE-2015-0864 1 Samsung 2 Galaxy App, Samsung Account App 2025-04-20 N/A
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
CVE-2015-1324 1 Canonical 1 Ubuntu Linux 2025-04-20 N/A
Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.
CVE-2015-1378 1 Grml 1 Grml-debootstrap 2025-04-20 N/A
cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.
CVE-2015-2560 1 Zohocorp 1 Manageengine Desktop Central 2025-04-20 N/A
Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet.
CVE-2015-3188 1 Apache 1 Storm 2025-04-20 N/A
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-3222 1 Ossec 1 Ossec 2025-04-20 N/A
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root.
CVE-2015-3229 1 Fedoraproject 2 Atomic, Spin-kickstarts 2025-04-20 N/A
fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attacks by leveraging use of HTTP to download Fedora Atomic updates.
CVE-2015-3321 1 Lenovo 1 Fingerprint Manager 2025-04-20 N/A
Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations.
CVE-2015-4165 1 Elasticsearch 1 Elasticsearch 2025-04-20 N/A
The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code.
CVE-2015-7561 2 Kubernetes, Redhat 2 Kubernetes, Openshift 2025-04-20 N/A
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
CVE-2016-10280 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445.