Search Results (9543 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8425 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31797770. References: N-CVE-2016-8425.
CVE-2014-7279 1 Kankunit 2 Konke Smart Plug, Konke Smart Plug Firmware 2025-04-20 N/A
The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23.
CVE-2016-8455 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311.
CVE-2017-14312 1 Nagios 1 Nagios Core 2025-04-20 N/A
Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root but supports configuration options in which this file is owned by a non-root account (and similarly can have nagios.cfg owned by a non-root account), which allows local users to gain privileges by leveraging access to this non-root account.
CVE-2016-7818 1 Japan Pension Service 4 Device Data Encryption Program, Specification Check Program, Todokesho Creation Program and 1 more 2025-04-20 N/A
Untrusted search path vulnerability in Installers for Specification check program (social insurance) Ver. 9.00 and earlier, TODOKESHO print program Ver. 5.00 and earlier, Device data encryption program Ver. 1.00 and earlier, and TODOKESHO creation program Ver. 15.00 and earlier available prior to October 17, 2016 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2015-8768 2 Canonical, Click Project 2 Ubuntu Linux, Click 2025-04-20 N/A
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.
CVE-2016-5856 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 N/A
Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857.
CVE-2017-12261 1 Cisco 3 Identity Services Engine, Identity Services Engine Express, Identity Services Engine Virtual Appliance 2025-04-20 N/A
A vulnerability in the restricted shell of the Cisco Identity Services Engine (ISE) that is accessible via SSH could allow an authenticated, local attacker to run arbitrary CLI commands with elevated privileges. The vulnerability is due to incomplete input validation of the user input for CLI commands issued at the restricted shell. An attacker could exploit this vulnerability by authenticating to the targeted device and executing commands that could lead to elevated privileges. An attacker would need valid user credentials to the device to exploit this vulnerability. The vulnerability affects the following Cisco Identity Services Engine (ISE) products running Release 1.4, 2.0, 2.0.1, 2.1.0: ISE, ISE Express, ISE Virtual Appliance. Cisco Bug IDs: CSCve74916.
CVE-2016-5857 1 Google 1 Android 2025-04-20 N/A
The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.
CVE-2017-14484 1 Gentoo 1 Sci-mathematics-gimps 2025-04-20 N/A
The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed.
CVE-2017-14380 1 Emc 1 Isilon Onefs 2025-04-20 N/A
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
CVE-2017-12422 1 Netapp 1 Storagegrid Webscale 2025-04-20 N/A
NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before 10.3.0.4, and 10.4.x before 10.4.0.2 allow remote authenticated users to delete arbitrary objects via unspecified vectors.
CVE-2015-7359 4 Ciphershed, Idrix, Microsoft and 1 more 4 Ciphershed, Veracrypt, Windows and 1 more 2025-04-20 N/A
The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes.
CVE-2015-7358 4 Ciphershed, Idrix, Microsoft and 1 more 4 Ciphershed, Veracrypt, Windows and 1 more 2025-04-20 N/A
The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.
CVE-2015-7274 1 Dell 2 Integrated Remote Access Controller 6, Integrated Remote Access Controller Firmware 2025-04-20 N/A
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.
CVE-2017-12363 1 Cisco 1 Webex Meetings Server 2025-04-20 N/A
A vulnerability in Cisco WebEx Meeting Server could allow an unauthenticated, remote attacker to modify the welcome message of a meeting on an affected system. The vulnerability is due to insufficient security settings on meetings. An attacker could exploit this vulnerability by modifying the welcome message to a meeting. A successful exploit could allow the attacker to modify the welcome message of any known meeting. Cisco Bug IDs: CSCvf68695.
CVE-2015-0863 1 Samsung 2 Galaxy App, Samsung Account App 2025-04-20 N/A
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
CVE-2015-1591 1 Kamailio 1 Kamailio 2025-04-20 N/A
The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.
CVE-2015-1878 1 Thalesesecurity 7 Nshield Connect 1500, Nshield Connect 1500\+, Nshield Connect 500 and 4 more 2025-04-20 N/A
Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel.
CVE-2017-14330 1 Extremenetworks 1 Extremexos 2025-04-20 N/A
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.