Search Results (5477 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6903 1 Lshell Project 1 Lshell 2025-04-20 N/A
lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.
CVE-2015-1590 1 Kamailio 1 Kamailio 2025-04-20 N/A
The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl.
CVE-2016-3998 1 Netapp 1 Altavault 2025-04-20 N/A
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
CVE-2016-6526 1 Samsung 1 Samsung Mobile 2025-04-20 N/A
The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.
CVE-2016-6772 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351.
CVE-2016-7583 1 Apple 1 Icloud 2025-04-20 N/A
An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory.
CVE-2016-9386 2 Citrix, Xen 2 Xenserver, Xen 2025-04-20 N/A
The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.
CVE-2017-6624 1 Cisco 1 Ios 2025-04-20 N/A
A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager Express (CME) could allow an unauthenticated, remote attacker to make unauthorized phone calls. The vulnerability is due to a configuration restriction in the toll-fraud protections component of the affected software. An attacker could exploit this vulnerability to place unauthorized, long-distance phone calls by using an affected system. Cisco Bug IDs: CSCuy40939.
CVE-2015-8671 1 Huawei 1 Logcenter 2025-04-20 N/A
Huawei LogCenter V100R001C10 could allow an authenticated attacker to tamper with requests using a tool and submit a request to the server for privilege escalation, affecting some system functions.
CVE-2015-1324 1 Canonical 1 Ubuntu Linux 2025-04-20 N/A
Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries.
CVE-2016-6762 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826.
CVE-2015-8993 1 Mcafee 3 Cloud Av, Security Scan Plus, Security Webadvisor 2025-04-20 N/A
Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation.
CVE-2016-5374 1 Netapp 1 Data Ontap 2025-04-20 N/A
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
CVE-2016-7955 1 Alienvault 2 Ossim, Unified Security Management 2025-04-20 N/A
The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, when an action has been created, and USM before 5.3.1 allows remote attackers to bypass authentication and consequently obtain sensitive information, modify the application, or execute arbitrary code as root via an "AV Report Scheduler" HTTP User-Agent header.
CVE-2010-5327 1 Liferay 1 Liferay Portal 2025-04-20 N/A
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.
CVE-2016-8803 1 Huawei 1 Fusionstorage 2025-04-20 N/A
The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage.
CVE-2015-4650 1 Arubanetworks 1 Clearpass Policy Manager 2025-04-20 N/A
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.
CVE-2014-3222 1 Huawei 1 Espace Meeting 2025-04-20 N/A
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources.
CVE-2016-10291 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837.
CVE-2016-9251 1 F5 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more 2025-04-20 N/A
In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection.