Search Results (9549 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-9940 1 Siemens 1 Sipass Integrated 2025-04-20 N/A
A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.
CVE-2017-14329 1 Extremenetworks 1 Extremexos 2025-04-20 N/A
Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving an exsh debug shell.
CVE-2017-9944 1 Siemens 2 7kt Pac1200 Data Manager, 7kt Pac1200 Data Manager Firmware 2025-04-20 N/A
A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations over the network.
CVE-2016-8457 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116.
CVE-2015-0863 1 Samsung 2 Galaxy App, Samsung Account App 2025-04-20 N/A
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
CVE-2017-5664 2 Apache, Redhat 4 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2025-04-20 N/A
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.
CVE-2017-10000 1 Oracle 1 Hospitality Reporting And Analytics 2025-04-20 N/A
Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. While the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Reporting and Analytics. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
CVE-2017-5722 1 Intel 10 Nuc7i3bnh, Nuc7i3bnh Firmware, Nuc7i3bnk and 7 more 2025-04-20 N/A
Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.
CVE-2017-1000003 1 Atutor 1 Atutor 2025-04-20 N/A
ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Module component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to a incorrect access control check vulnerability in the Alternative Content component resulting in privilege escalation.
CVE-2016-10398 1 Google 1 Android 2025-04-20 N/A
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X.
CVE-2017-1000082 1 Systemd Project 1 Systemd 2025-04-20 9.8 Critical
systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.
CVE-2017-1000104 1 Jenkins 1 Config File Provider 2025-04-20 N/A
The Config File Provider Plugin is used to centrally manage configuration files that often include secrets, such as passwords. Users with only Overall/Read access to Jenkins were able to access URLs directly that allowed viewing these files. Access to view these files now requires sufficient permissions to configure the provided files, view the configuration of the folder in which the configuration files are defined, or have Job/Configure permissions to a job able to use these files.
CVE-2015-3188 1 Apache 1 Storm 2025-04-20 N/A
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-3222 1 Ossec 1 Ossec 2025-04-20 N/A
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root.
CVE-2016-10318 1 Linux 1 Linux Kernel 2025-04-20 N/A
A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service.
CVE-2015-5244 1 Mod Nss Project 1 Mod Nss 2025-04-20 N/A
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.
CVE-2017-7532 1 Moodle 1 Moodle 2025-04-20 N/A
In Moodle 3.x, course creators are able to change system default settings for courses.
CVE-2016-10700 1 Cacti 1 Cacti 2025-04-20 N/A
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
CVE-2016-8202 1 Broadcom 1 Fabric Operating System 2025-04-20 N/A
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters.
CVE-2016-9871 1 Emc 1 Isilon Onefs 2025-04-20 N/A
EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.