Total
4707 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3930 | 1 Lg Project | 1 Lg | 2025-04-20 | N/A |
| lg.pl in Cistron-LG 1.01 stores sensitive information under the web root with insufficient access controls, which allows remote attackers to obtain IP addresses and other unspecified router credentials. | ||||
| CVE-2016-6784 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350755. References: MT-ALPS02961424. | ||||
| CVE-2017-17449 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Mrg and 2 more | 2025-04-20 | N/A |
| The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system. | ||||
| CVE-2015-3163 | 1 Redhat | 1 Beaker | 2025-04-20 | 4.3 Medium |
| The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively. | ||||
| CVE-2016-9976 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2025-04-20 | N/A |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 120252. | ||||
| CVE-2015-3302 | 1 Thecartpress | 1 Thecartpress Ecommerce Shopping Cart | 2025-04-20 | N/A |
| The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism." | ||||
| CVE-2014-9148 | 1 Fiyo | 1 Fiyo Cms | 2025-04-20 | N/A |
| Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur. | ||||
| CVE-2016-7032 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2025-04-20 | N/A |
| sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. | ||||
| CVE-2017-17450 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. | ||||
| CVE-2015-2687 | 1 Openstack | 1 Compute | 2025-04-20 | N/A |
| OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. | ||||
| CVE-2016-8444 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Qualcomm camera could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31243641. References: QC-CR#1074310. | ||||
| CVE-2017-15891 | 1 Synology | 1 Calendar | 2025-04-20 | N/A |
| Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors. | ||||
| CVE-2015-2692 | 1 Adblock | 1 Adblock | 2025-04-20 | N/A |
| AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters. | ||||
| CVE-2017-15114 | 1 Redhat | 1 Openstack Platform | 2025-04-20 | N/A |
| When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes. | ||||
| CVE-2016-8643 | 1 Moodle | 1 Moodle | 2025-04-20 | N/A |
| In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. | ||||
| CVE-2016-8010 | 1 Mcafee | 2 Application Control, Endpoint Security | 2025-04-20 | N/A |
| Application protections bypass vulnerability in Intel Security McAfee Application Control (MAC) 7.0 and earlier and Endpoint Security (ENS) 10.2 and earlier allows local users to bypass local security protection via a command-line utility. | ||||
| CVE-2016-6755 | 1 Linux | 1 Linux Kernel | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-30740545. References: QC-CR#1065916. | ||||
| CVE-2016-5750 | 1 Netiq | 1 Access Manager | 2025-04-20 | N/A |
| The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allowing code execution by logged-in remote users. | ||||
| CVE-2025-21588 | 1 Oracle | 1 Mysql Server | 2025-04-19 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | ||||
| CVE-2025-31726 | 1 Jenkins | 1 Stack Hammer | 2025-04-18 | 5.5 Medium |
| Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | ||||