Search Results (9587 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3843 1 Google 1 Android 2025-04-12 N/A
The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171.
CVE-2015-0554 1 Adb 2 P.dga4001n, P.dga4001n Firmware 2025-04-12 N/A
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
CVE-2015-0605 1 Cisco 2 Asyncos, Email Security Appliance Firmware 2025-04-12 N/A
The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343.
CVE-2015-0663 1 Cisco 1 Anyconnect Secure Mobility Client 2025-04-12 N/A
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392.
CVE-2015-0692 1 Cisco 1 Web Security Appliance 2025-04-12 N/A
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230.
CVE-2015-0861 2 Debian, Tryton 2 Debian Linux, Trytond 2025-04-12 N/A
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records.
CVE-2015-1029 1 Puppet 2 Puppet Enterprise, Stdlib 2025-04-12 N/A
The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache.
CVE-2015-3290 1 Linux 1 Linux Kernel 2025-04-12 N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
CVE-2015-0981 1 Scadaengine 1 Bacnet Opc Server 2025-04-12 N/A
The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors.
CVE-2015-4032 1 Visual Mining 1 Netcharts Server 2025-04-12 N/A
projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors.
CVE-2015-1085 1 Apple 1 Iphone Os 2025-04-12 N/A
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
CVE-2016-8101 1 Intel 1 Solid-state Drive Toolbox 2025-04-12 N/A
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.
CVE-2016-8102 1 Intel 1 Wireless Bluetooth Drivers 2025-04-12 N/A
Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges.
CVE-2016-3857 1 Google 1 Android 2025-04-12 N/A
The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.
CVE-2016-8103 1 Intel 19 Canyon Bios, Citry Bios, City Bios and 16 more 2025-04-12 N/A
SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform.
CVE-2015-1342 1 Canonical 2 Lxcfs, Ubuntu Linux 2025-04-12 N/A
LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup.
CVE-2015-1496 1 Motorola 1 Motorola Scanner Sdk 2025-04-12 N/A
Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.
CVE-2015-1498 1 Persistent Systems 1 Radia Client Automation 2025-04-12 N/A
Persistent Systems Radia Client Automation does not properly restrict access to certain request, which allows remote attackers to (1) enumerate user accounts via a getUsers request, (2) assign a role to a user account via an addAssigneesToRole request, (3) remove a role from a user account via a removeAssigneesFromRole request, or (4) have other unspecified impact.
CVE-2015-1515 1 Softsphere 1 Defensewall Personal Firewall 2025-04-12 N/A
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call.
CVE-2015-1551 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-12 N/A
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.