Export limit exceeded: 359547 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9468 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-6850 | 1 Emc | 1 Vplex Geosynchrony | 2025-04-12 | N/A |
| EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | ||||
| CVE-2015-6856 | 1 Dell | 1 Pre-boot Authentication Driver | 2025-04-12 | N/A |
| Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call. | ||||
| CVE-2015-3082 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | N/A |
| Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085. | ||||
| CVE-2015-6861 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-12 | N/A |
| HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account. | ||||
| CVE-2015-6980 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-7685 | 1 Glpi-project | 1 Glpi | 2025-04-12 | N/A |
| GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. | ||||
| CVE-2015-7707 | 1 Igniterealtime | 1 Openfire | 2025-04-12 | N/A |
| Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. | ||||
| CVE-2015-7709 | 1 Arkeia | 1 Western Digital Arkeia | 2025-04-12 | N/A |
| The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation. | ||||
| CVE-2015-7717 | 1 Google | 1 Android | 2025-04-12 | N/A |
| mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596. | ||||
| CVE-2015-7766 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | N/A |
| PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO." | ||||
| CVE-2015-7788 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2025-04-12 | N/A |
| ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. | ||||
| CVE-2015-7809 | 1 Symfony | 1 Twig | 2025-04-12 | N/A |
| The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. | ||||
| CVE-2015-7818 | 2 Ibm, Lenovo | 2 System Networking Switch Center, Switch Center | 2025-04-12 | N/A |
| The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows local users to execute arbitrary JSP code with SYSTEM privileges by using the Apache Axis AdminService deployment method to install a .jsp file. | ||||
| CVE-2015-3079 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | N/A |
| Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-7835 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | ||||
| CVE-2015-7662 | 6 Adobe, Apple, Google and 3 more | 10 Air, Air Sdk, Air Sdk \& Compiler and 7 more | 2025-04-12 | N/A |
| Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors. | ||||
| CVE-2013-2027 | 2 Jython Project, Opensuse | 2 Jython, Opensuse | 2025-04-12 | N/A |
| Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2015-8154 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permissions." | ||||
| CVE-2015-8222 | 1 Canonical | 1 Ubuntu Linux | 2025-04-12 | N/A |
| The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-8279 | 1 Samsung | 1 Web Viewer | 2025-04-12 | N/A |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. | ||||