Total
4532 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8697 | 1 Stalin Project | 1 Stalin | 2025-04-20 | N/A |
| stalin 0.11-5 allows local users to write to arbitrary files. | ||||
| CVE-2016-6143 | 1 Sap | 1 Hana | 2025-04-20 | N/A |
| SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute arbitrary code via vectors involving the audit logs, aka SAP Security Note 2170806. | ||||
| CVE-2016-7032 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2025-04-20 | N/A |
| sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. | ||||
| CVE-2015-8284 | 1 Seawell Networks | 1 Spectrum Sdc | 2025-04-20 | N/A |
| SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions. | ||||
| CVE-2015-8275 | 1 Eparaksts | 2 Edoc-libraries, Eparakstitajs 3 | 2025-04-20 | N/A |
| LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files. | ||||
| CVE-2015-7895 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2025-04-20 | N/A |
| Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | ||||
| CVE-2015-7887 | 1 Netapp | 1 Snapcenter Server | 2025-04-20 | N/A |
| NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. | ||||
| CVE-2017-15994 | 1 Samba | 1 Rsync | 2025-04-20 | N/A |
| rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions. NOTE: the rsync development branch has significant use beyond the rsync developers, e.g., the code has been copied for use in various GitHub projects. | ||||
| CVE-2015-7265 | 1 Proxygen Project | 1 Proxygen | 2025-04-20 | N/A |
| Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks. | ||||
| CVE-2015-7263 | 1 Proxygen Project | 1 Proxygen | 2025-04-20 | N/A |
| The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value. | ||||
| CVE-2016-9817 | 1 Xen | 1 Xen | 2025-04-20 | N/A |
| Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving a (1) data or (2) prefetch abort with the ESR_EL2.EA bit set. | ||||
| CVE-2017-8448 | 1 Elastic | 1 X-pack | 2025-04-20 | N/A |
| An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges. | ||||
| CVE-2015-3657 | 1 Arubanetworks | 1 Clearpass | 2025-04-20 | N/A |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. | ||||
| CVE-2017-8438 | 1 Elastic | 1 X-pack | 2025-04-20 | N/A |
| Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally if the run_as user specified does not exist, the transition will not happen. | ||||
| CVE-2017-7493 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 7.8 High |
| Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System(9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing virtfs metadata files in mapped-file security mode. A guest user could use this flaw to escalate their privileges inside guest. | ||||
| CVE-2017-8447 | 1 Elastic | 1 X-pack | 2025-04-20 | N/A |
| An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege enforcement. If a user has either 'delete' or 'index' permissions on an index in a cluster, they may be able to issue both delete and index requests against that index. | ||||
| CVE-2017-12262 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2025-04-20 | N/A |
| A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges. This vulnerability affects appliances or virtual devices running Cisco Application Policy Infrastructure Controller Enterprise Module prior to version 1.5. Cisco Bug IDs: CSCve89638. | ||||
| CVE-2016-8317 | 1 Oracle | 1 Flexcube Investor Servicing | 2025-04-20 | N/A |
| Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.3 (Integrity impacts). | ||||
| CVE-2016-8319 | 1 Oracle | 1 Flexcube Investor Servicing | 2025-04-20 | N/A |
| Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). | ||||
| CVE-2016-8315 | 1 Oracle | 1 Flexcube Investor Servicing | 2025-04-20 | N/A |
| Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts). | ||||