Vulnerabilities (CVE)

Filtered by CWE-264
Total 5244 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6306 3 Apple, Cisco, Linux 3 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel 2025-04-12 7.2 HIGH N/A
Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947.
CVE-2015-5272 1 Moodle 1 Moodle 2025-04-12 4.0 MEDIUM 4.3 MEDIUM
The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."
CVE-2016-0912 1 Dell 1 Emc Data Domain Os 2025-04-12 9.0 HIGH 9.8 CRITICAL
EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation.
CVE-2016-3930 1 Google 1 Android 2025-04-12 9.3 HIGH 7.8 HIGH
The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138.
CVE-2015-0055 1 Microsoft 1 Internet Explorer 2025-04-12 4.3 MEDIUM N/A
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
CVE-2015-0051 1 Microsoft 1 Internet Explorer 2025-04-12 4.3 MEDIUM N/A
Microsoft Internet Explorer 8 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability."
CVE-2015-6596 1 Google 1 Android 2025-04-12 9.3 HIGH N/A
mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.
CVE-2013-7065 1 Organic Groups Project 1 Organic Groups 2025-04-12 5.8 MEDIUM N/A
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field.
CVE-2016-7444 1 Gnu 1 Gnutls 2025-04-12 5.0 MEDIUM 7.5 HIGH
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.
CVE-2015-3143 5 Apple, Canonical, Debian and 2 more 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more 2025-04-12 5.0 MEDIUM N/A
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.
CVE-2016-5231 1 Huawei 2 Mate 8, Mate 8 Firmware 2025-04-12 5.0 MEDIUM 7.8 HIGH
Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete user data via a crafted app.
CVE-2014-8131 1 Redhat 1 Libvirt 2025-04-12 4.0 MEDIUM N/A
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access.
CVE-2014-5284 1 Ossec 1 Ossec 2025-04-12 7.2 HIGH N/A
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.
CVE-2012-5501 1 Plone 1 Plone 2025-04-12 5.0 MEDIUM N/A
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL.
CVE-2015-0773 1 Cisco 1 Firesight System Software 2025-04-12 5.5 MEDIUM N/A
Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.
CVE-2015-4394 1 Services Project 1 Services 2025-04-12 5.0 MEDIUM N/A
The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors.
CVE-2016-0822 1 Google 1 Android 2025-04-12 7.6 HIGH 7.0 HIGH
The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324.
CVE-2015-1638 1 Microsoft 1 Windows Server 2012 2025-04-12 5.8 MEDIUM N/A
Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."
CVE-2014-3848 1 Imember360 1 Imember360 2025-04-12 5.0 MEDIUM N/A
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.
CVE-2015-1156 1 Apple 2 Iphone Os, Safari 2025-04-12 4.3 MEDIUM N/A
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site.