ReportizFlow
Filtered by vendor
Subscriptions
Total
5481 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4165 | 1 Elasticsearch | 1 Elasticsearch | 2025-04-20 | N/A |
| The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code. | ||||
| CVE-2015-4082 | 1 Attic Project | 1 Attic | 2025-04-20 | N/A |
| attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". | ||||
| CVE-2014-9910 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710. | ||||
| CVE-2016-8592 | 1 Trendmicro | 1 Threat Discovery Appliance | 2025-04-20 | N/A |
| log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | ||||
| CVE-2015-1324 | 1 Canonical | 1 Ubuntu Linux | 2025-04-20 | N/A |
| Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | ||||
| CVE-2015-1610 | 1 Opendaylight | 1 L2switch | 2025-04-20 | N/A |
| hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing." | ||||
| CVE-2015-1795 | 1 Redhat | 3 Enterprise Linux, Gluster Storage, Storage | 2025-04-20 | N/A |
| Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. | ||||
| CVE-2015-1878 | 1 Thalesesecurity | 7 Nshield Connect 1500, Nshield Connect 1500\+, Nshield Connect 500 and 4 more | 2025-04-20 | N/A |
| Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel. | ||||
| CVE-2015-3188 | 1 Apache | 1 Storm | 2025-04-20 | N/A |
| The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-3321 | 1 Lenovo | 1 Fingerprint Manager | 2025-04-20 | N/A |
| Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | ||||
| CVE-2014-9262 | 1 Snapcreek | 1 Duplicator | 2025-04-20 | N/A |
| The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. | ||||
| CVE-2014-9695 | 1 Huawei | 2 Tecal E9000 Chassis, Tecal E9000 Chassis Firmware | 2025-04-20 | N/A |
| The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user. | ||||
| CVE-2014-9696 | 1 Huawei | 2 Tecal E9000 Chassis, Tecal E9000 Chassis Firmware | 2025-04-20 | N/A |
| The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation. | ||||
| CVE-2014-8571 | 1 Huawei | 6 Ascend P6 Edge-c00, Ascend P6 Edge-c00 Firmware, Ascend P6 Edge-t00 and 3 more | 2025-04-20 | N/A |
| Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 V100R001C17B508SP01 and earlier versions before V100R001C17B508SP02; EDGE-T00 V100R001C01B508SP01 and earlier versions before V100R001C01B508SP02; EDGE-C00 V100R001C92B508SP02 and earlier versions before V100R001C92B508SP03 can capture screens without the root permission. As a result, user information can be leaked by malware on Ascend P6 mobile phones. | ||||
| CVE-2014-8428 | 1 Barracuda | 1 Load Balancer | 2025-04-20 | N/A |
| Privilege escalation vulnerability in Barracuda Load Balancer 5.0.0.015 via the use of an improperly protected SSH key. | ||||
| CVE-2014-7279 | 1 Kankunit | 2 Konke Smart Plug, Konke Smart Plug Firmware | 2025-04-20 | N/A |
| The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. | ||||
| CVE-2014-0073 | 1 Apache | 2 Cordova, Cordova In-app-browser | 2025-04-20 | N/A |
| The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 through 2.9.0 does not properly validate callback identifiers, which allows remote attackers to execute arbitrary JavaScript in the host page and consequently gain privileges via a crafted gap-iab: URI. | ||||
| CVE-2016-10086 | 5 Ca, Ibm, Linux and 2 more | 6 Service Desk Management, Service Desk Manager, Aix and 3 more | 2025-04-20 | N/A |
| RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. | ||||
| CVE-2016-10318 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service. | ||||
| CVE-2016-8237 | 1 Lenovo | 1 Updates | 2025-04-20 | N/A |
| Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code. | ||||