Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5493 | 1 Entityform Block Project | 1 Entityform Block | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors.
|
|||||
| CVE-2015-4219 | 1 Cisco | 2 Identity Services Engine Software, Secure Access Control System | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331.
|
|||||
| CVE-2014-5246 | 1 Tenda | 2 A5s, A5s Firmware | 2025-04-12 | 10.0 HIGH | N/A |
|
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
|
|||||
| CVE-2016-9120 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time.
|
|||||
| CVE-2014-3209 | 1 Nlnetlabs | 1 Ldns | 2025-04-12 | 2.1 LOW | N/A |
|
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
|
|||||
| CVE-2016-9223 | 1 Cisco | 1 Cloudcenter Orchestrator | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affect all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface).
|
|||||
| CVE-2016-0148 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability."
|
|||||
| CVE-2014-4124 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-4123.
|
|||||
| CVE-2012-6657 | 2 Linux, Novell | 2 Linux Kernel, Suse Linux Enterprise Server | 2025-04-12 | 4.9 MEDIUM | N/A |
|
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5.7 does not ensure that a keepalive action is associated with a stream socket, which allows local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket.
|
|||||
| CVE-2016-1712 | 1 Paloaltonetworks | 1 Pan-os | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.
|
|||||
| CVE-2015-5496 | 1 Pass2pdf Project | 1 Pass2pdf | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors.
|
|||||
| CVE-2014-4062 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability."
|
|||||
| CVE-2014-2857 | 1 Gopivotal | 2 Grails, Grails-resources | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote attackers to obtain sensitive information via a direct request. NOTE: this issue was SPLIT from CVE-2014-0053 due to different researchers per ADT5.
|
|||||
| CVE-2015-8940 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.
|
|||||
| CVE-2015-0713 | 1 Cisco | 10 Telepresence Advanced Media Gateway, Telepresence Ip Gateway, Telepresence Ip Vcr 1.0 Converter and 7 more | 2025-04-12 | 9.0 HIGH | N/A |
|
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Softwar ...
Show More |
|||||
| CVE-2015-7003 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.8 MEDIUM | N/A |
|
coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app.
|
|||||
| CVE-2015-5511 | 1 Hybridauth Social Login Project | 1 Hybridauth Social Login | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social login.
|
|||||
| CVE-2016-8632 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.
|
|||||
| CVE-2016-3811 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.
|
|||||
| CVE-2016-8101 | 1 Intel | 1 Solid-state Drive Toolbox | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2016-1887 | 1 Freebsd | 1 Freebsd | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2015-3101 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, when Internet Explorer is used, allows attackers to perform a transition from Low Integrity to Medium In ...
Show More |
|||||
| CVE-2014-1351 | 1 Apple | 1 Iphone Os | 2025-04-12 | 3.6 LOW | N/A |
|
Siri in Apple iOS before 7.1.2 allows physically proximate attackers to bypass an intended lock-screen passcode requirement, and read a contact list, via a Siri request that refers to a contact ambiguously.
|
|||||
| CVE-2014-9799 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.
|
|||||
| CVE-2014-2515 | 1 Emc | 1 Documentum D2 | 2025-04-12 | 8.5 HIGH | N/A |
|
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.
|
|||||
| CVE-2016-5723 | 1 Huawei | 1 Fusioninsight Hd | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unspecified vectors.
|
|||||
| CVE-2014-9796 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756.
|
|||||
| CVE-2015-7685 | 1 Glpi-project | 1 Glpi | 2025-04-12 | 4.0 MEDIUM | N/A |
|
GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.
|
|||||
| CVE-2015-5723 | 3 Debian, Doctrine-project, Zend | 10 Debian Linux, Annotations, Cache and 7 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB ODM Bundle before 3.0.1 use world-writable permissions for cache directories, which allows local users to execute arbitrary PHP code with additional privileges by leveraging an application with the umask set to 0 and that executes cache entries as code.
|
|||||
| CVE-2014-4759 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
|
An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results.
|
|||||
| CVE-2016-0374 | 1 Ibm | 1 Tririga Application Platform | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors.
|
|||||
| CVE-2016-0239 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors.
|
|||||
| CVE-2016-4158 | 2 Adobe, Microsoft | 2 Creative Cloud, Windows | 2025-04-12 | 6.9 MEDIUM | 7.3 HIGH |
|
Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.
|
|||||
| CVE-2014-4157 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.6 MEDIUM | N/A |
|
arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.
|
|||||
| CVE-2016-2446 | 1 Google | 2 Android, Nexus 9 | 2025-04-12 | 7.6 HIGH | 7.0 HIGH |
|
The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354.
|
|||||
| CVE-2016-3213 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability."
|
|||||
| CVE-2016-4802 | 1 Haxx | 1 Curl | 2025-04-12 | 6.9 MEDIUM | 7.8 HIGH |
|
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.
|
|||||
| CVE-2014-1282 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | 5.8 MEDIUM | N/A |
|
The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name.
|
|||||
| CVE-2015-5989 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values.
|
|||||
| CVE-2014-8558 | 1 Jexperts | 1 Channel Platform | 2025-04-12 | 6.5 MEDIUM | N/A |
|
JExperts Channel Platform 5.0.33_CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters.
|
|||||