Vulnerabilities (CVE)

Filtered by CWE-264
Total 5243 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-5157 2 Linux, Redhat 6 Linux Kernel, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more 2024-03-14 7.2 HIGH N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.
CVE-2024-22452 2024-03-04 N/A 7.3 HIGH
Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation.
CVE-2023-47716 2024-03-01 N/A 6.3 MEDIUM
IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656.
CVE-2016-1337 1 Cisco 2 Epc3928, Epc3928 Firmware 2024-02-14 4.3 MEDIUM 8.1 HIGH
Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.
CVE-2007-0436 1 Barron Mccann 4 Install, X-kryptor Driver, X-kryptor Secure Client and 1 more 2024-02-14 4.6 MEDIUM N/A
Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install BMS1472) in X-Kryptor Secure Client does not drop privileges when launching an Explorer window in response to a help command, which allows local users to gain LocalSystem privileges via interactive use of Explorer.
CVE-2006-3344 1 Siemens 1 Speedstream Wireless Router 2024-02-14 7.5 HIGH N/A
Siemens Speedstream Wireless Router 2624 allows local users to bypass authentication and access protected files by using the Universal Plug and Play UPnP/1.0 component.
CVE-2009-2705 2 Broadcom, Sun 2 Siteminder, J2ee 2024-02-14 4.3 MEDIUM N/A
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
CVE-2016-8769 1 Huawei 1 Utps Firmware 2024-02-14 7.2 HIGH 6.7 MEDIUM
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.
CVE-2006-4253 3 K-meleon Project, Mozilla, Netscape 3 K-meleon, Firefox, Navigator 2024-02-14 7.6 HIGH N/A
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
CVE-2006-2560 1 Sitecom 2 Wl-153, Wl-153 Router Firmware 2024-02-14 7.5 HIGH N/A
Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
CVE-2009-2704 1 Sun 1 J2ee 2024-02-14 4.3 MEDIUM N/A
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).
CVE-2013-7432 1 Mapsplugin 1 Googlemaps 2024-02-14 5.0 MEDIUM 7.5 HIGH
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism.
CVE-2009-0383 1 Mzbservices 1 Max.blog 2024-02-14 6.4 MEDIUM N/A
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.
CVE-2006-2562 1 Zyxel 1 P-335wt Router 2024-02-14 7.5 HIGH N/A
ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
CVE-2007-6424 1 Netfortris 1 Trixbox 2024-02-14 4.3 MEDIUM N/A
registry.pl in Fonality Trixbox 2.0 PBX products, when running in certain environments, reads and executes a set of commands from a remote web site without sufficiently validating the origin of the commands, which allows remote attackers to disable trixbox and execute arbitrary commands via a DNS spoofing attack.
CVE-2006-1380 1 Trendmicro 1 Interscan Messaging Security Suite 2024-02-14 7.2 HIGH N/A
ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying ISNTSysMonitor.exe.
CVE-2012-4035 1 Pbboard 1 Pbboard 2024-02-14 7.5 HIGH N/A
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
CVE-2023-47142 1 Ibm 1 Tivoli Application Dependency Discovery Manager 2024-02-08 N/A 8.8 HIGH
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 could allow an attacker on the organization's local network to escalate their privileges due to unauthorized API access. IBM X-Force ID: 270267.
CVE-2015-3290 1 Linux 1 Linux Kernel 2024-02-05 7.2 HIGH N/A
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window.
CVE-2023-44281 1 Dell 1 Pair 2024-01-30 N/A 7.1 HIGH
Dell Pair Installer version prior to 1.2.1 contains an elevation of privilege vulnerability. A low privilege user with local access to the system could potentially exploit this vulnerability to delete arbitrary files and result in Denial of Service.