Search Results (5114 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-8284 1 Seawell Networks 1 Spectrum Sdc 2025-04-20 N/A
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
CVE-2015-0110 1 Ibm 2 Business Process Manager, Websphere Application Server 2025-04-20 N/A
IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL.
CVE-2015-9029 1 Google 1 Android 2025-04-20 N/A
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory.
CVE-2014-9831 1 Imagemagick 1 Imagemagick 2025-04-20 8.8 High
coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file.
CVE-2016-4383 1 Hp 1 Helion Openstack Glance 2025-04-20 N/A
The glance-manage db in all versions of HPE Helion Openstack Glance allows deleted image ids to be reassigned, which allows remote authenticated users to cause other users to boot into a modified image without notification of the change.
CVE-2016-6255 2 Debian, Libupnp Project 2 Debian Linux, Libupnp 2025-04-20 N/A
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
CVE-2016-3107 2 Pulpproject, Redhat 3 Pulp, Satellite, Satellite Capsule 2025-04-20 N/A
The Node certificate in Pulp before 2.8.3 contains the private key, and is stored in a world-readable file in the "/etc/pki/pulp/nodes/" directory, which allows local users to gain access to sensitive data.
CVE-2016-6089 1 Ibm 1 Websphere Mq 2025-04-20 N/A
IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.
CVE-2017-8448 1 Elastic 1 X-pack 2025-04-20 N/A
An error was found in the permission model used by X-Pack Alerting 5.0.0 to 5.6.0 whereby users mapped to certain built-in roles could create a watch that results in that user gaining elevated privileges.
CVE-2016-10124 1 Linuxcontainers 1 Lxc 2025-04-20 N/A
An issue was discovered in Linux Containers (LXC) before 2016-02-22. When executing a program via lxc-attach, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the container.
CVE-2016-6085 1 Ibm 1 Bigfix Platform 2025-04-20 N/A
IBM BigFix Platform could allow an attacker on the local network to crash the BES and relay servers.
CVE-2015-8973 1 Mybb 2 Merge System, Mybb 2025-04-20 N/A
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password.
CVE-2016-6077 1 Ibm 1 Cognos Disclosure Management 2025-04-20 N/A
IBM Cognos Disclosure Management 10.2 could allow a malicious attacker to execute commands as a lower privileged user that opens a malicious document. IBM Reference #: 1991584.
CVE-2016-5990 1 Ibm 1 Security Privileged Identity Manager 2025-04-20 N/A
IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload malicious files that would be automatically executed by the server.
CVE-2016-9008 1 Ibm 1 Urbancode Deploy 2025-04-20 N/A
IBM UrbanCode Deploy could allow a malicious user to access the Agent Relay ActiveMQ Broker JMX interface and run plugins on the agent.
CVE-2025-21588 1 Oracle 1 Mysql Server 2025-04-19 4.9 Medium
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2025-31726 1 Jenkins 1 Stack Hammer 2025-04-18 5.5 Medium
Jenkins Stack Hammer Plugin 1.0.6 and earlier stores Stack Hammer API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
CVE-2023-49543 1 Book Store Management System Project 1 Book Store Management System 2025-04-18 9.8 Critical
Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating.
CVE-2022-31708 1 Vmware 1 Vrealize Operations 2025-04-18 4.9 Medium
vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4.
CVE-2022-25627 1 Broadcom 1 Symantec Identity Governance And Administration 2025-04-18 6.7 Medium
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4