Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0223 | 1 Kingston | 3 Datatraveler Blackbox, Datatraveler Elite, Datatraveler Secure | 2018-08-13 | 2.1 LOW | N/A |
| Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives do not prevent password replay attacks, which allows physically proximate attackers to access the cleartext drive contents by providing a key that was captured in a USB data stream at an earlier time. | |||||
| CVE-2010-0221 | 1 Kingston | 3 Datatraveler Blackbox, Datatraveler Elite, Datatraveler Secure | 2018-08-13 | 2.1 LOW | N/A |
| Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy Edition (DTSP), and DataTraveler Elite Privacy Edition (DTEP) USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. | |||||
| CVE-1999-0496 | 1 Microsoft | 1 Windows Nt | 2018-08-13 | 7.2 HIGH | N/A |
| A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin. | |||||
| CVE-1999-0227 | 1 Microsoft | 1 Windows Nt | 2018-08-13 | 5.0 MEDIUM | N/A |
| Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service. | |||||
| CVE-2015-8023 | 2 Canonical, Strongswan | 2 Ubuntu Linux, Strongswan | 2018-08-13 | 5.0 MEDIUM | N/A |
| The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. | |||||
| CVE-2014-7921 | 1 Google | 1 Android | 2018-08-13 | 10.0 HIGH | 9.8 CRITICAL |
| mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. | |||||
| CVE-2016-9075 | 1 Mozilla | 1 Firefox | 2018-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50. | |||||
| CVE-2016-9070 | 1 Mozilla | 1 Firefox | 2018-08-01 | 6.8 MEDIUM | 8.0 HIGH |
| A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50. | |||||
| CVE-2016-9073 | 1 Mozilla | 1 Firefox | 2018-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. | |||||
| CVE-2016-5295 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2018-07-30 | 4.6 MEDIUM | 7.8 HIGH |
| This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50. | |||||
| CVE-2015-3255 | 1 Polkit Project | 1 Polkit | 2018-07-27 | 4.6 MEDIUM | N/A |
| The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions. | |||||
| CVE-2014-2532 | 2 Openbsd, Oracle | 2 Openssh, Communications User Data Repository | 2018-07-18 | 5.8 MEDIUM | 4.9 MEDIUM |
| sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. | |||||
| CVE-2013-3024 | 1 Ibm | 1 Websphere Application Server | 2018-06-25 | 7.2 HIGH | 7.8 HIGH |
| IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362. | |||||
| CVE-2016-10323 | 1 Synology | 1 Photo Station | 2018-06-13 | 7.2 HIGH | 7.8 HIGH |
| Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. | |||||
| CVE-2016-4656 | 1 Apple | 1 Iphone Os | 2018-06-07 | 9.3 HIGH | 7.8 HIGH |
| The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2014-1846 | 1 Enlightenment | 1 Enlightenment | 2018-06-07 | 4.6 MEDIUM | 7.8 HIGH |
| Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. | |||||
| CVE-2014-1845 | 1 Enlightenment | 1 Enlightenment | 2018-06-07 | 4.6 MEDIUM | 7.8 HIGH |
| An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. | |||||
| CVE-2013-7202 | 1 Paypal | 1 Paypal | 2018-06-07 | 6.8 MEDIUM | 8.1 HIGH |
| The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system. | |||||
| CVE-2014-2552 | 1 Brookinsconsulting | 1 Collected Information Export | 2018-06-06 | 7.5 HIGH | 9.8 CRITICAL |
| Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data. | |||||
| CVE-2013-3947 | 1 Ahnlab | 1 V3 Internet Security | 2018-06-04 | 7.2 HIGH | 7.8 HIGH |
| Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 (Build 1373) allows local users to gain privileges via a crafted 0xA3350014 IOCTL call. | |||||