Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4777 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
|
|||||
| CVE-2014-8175 | 1 Redhat | 1 Jboss Fuse | 2025-04-12 | 6.0 MEDIUM | N/A |
|
Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
|
|||||
| CVE-2016-1531 | 1 Exim | 1 Exim | 2025-04-12 | 6.9 MEDIUM | 7.0 HIGH |
|
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
|
|||||
| CVE-2012-5243 | 1 Bananadance | 1 Banana Dance | 2025-04-12 | 5.0 MEDIUM | N/A |
|
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
|
|||||
| CVE-2014-2533 | 1 Blackberry | 1 Qnx Neutrino Rtos | 2025-04-12 | 7.2 HIGH | N/A |
|
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
|
|||||
| CVE-2014-0888 | 1 Ibm | 2 Mobile Foundation, Worklight | 2025-04-12 | 4.9 MEDIUM | N/A |
|
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors.
|
|||||
| CVE-2016-3387 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 6.8 MEDIUM | 7.5 HIGH |
|
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388.
|
|||||
| CVE-2015-5961 | 1 Mozilla | 1 Firefox Os | 2025-04-12 | 3.3 LOW | N/A |
|
The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server.
|
|||||
| CVE-2015-6044 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Microsoft Internet Explorer 8 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability."
|
|||||
| CVE-2016-3875 | 1 Google | 1 Android | 2025-04-12 | 7.2 HIGH | 6.8 MEDIUM |
|
server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884.
|
|||||
| CVE-2014-0192 | 1 Theforeman | 1 Foreman | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Foreman 1.4.0 before 1.5.0 does not properly restrict access to provisioning template previews, which allows remote attackers to obtain sensitive information via the hostname parameter, related to "spoof."
|
|||||
| CVE-2015-6607 | 2 Google, Sqlite | 2 Android, Sqlite | 2025-04-12 | 6.8 MEDIUM | N/A |
|
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.
|
|||||
| CVE-2015-0773 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 5.5 MEDIUM | N/A |
|
Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078.
|
|||||
| CVE-2014-8734 | 1 Drupal | 1 Organic Groups Menu | 2025-04-12 | 3.5 LOW | N/A |
|
The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors.
|
|||||
| CVE-2016-1631 | 1 Google | 1 Chrome | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
|
|||||
| CVE-2013-4196 | 1 Plone | 1 Plone | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
|
|||||
| CVE-2016-2435 | 1 Google | 2 Android, Nexus 9 | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988.
|
|||||
| CVE-2016-1337 | 1 Cisco | 2 Epc3928, Epc3928 Firmware | 2025-04-12 | 4.3 MEDIUM | 8.1 HIGH |
|
Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.
|
|||||
| CVE-2015-6100 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 6.9 MEDIUM | N/A |
|
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6101.
|
|||||
| CVE-2016-3225 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 6.9 MEDIUM | 7.8 HIGH |
|
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability."
|
|||||
| CVE-2016-3793 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026625.
|
|||||
| CVE-2015-7052 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
|
kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors.
|
|||||
| CVE-2015-2554 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
|
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."
|
|||||
| CVE-2014-5179 | 2 Freelinking For Case Tracker Project, Freelinking Project | 2 Freelinking For Case Tracker, Freelinking | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link.
|
|||||
| CVE-2012-5498 | 1 Plone | 1 Plone | 2025-04-12 | 5.0 MEDIUM | N/A |
|
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
|
|||||
| CVE-2016-6739 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30074605. References: Qualcomm QC-CR#1049826.
|
|||||
| CVE-2015-3801 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors.
|
|||||
| CVE-2014-0050 | 2 Apache, Oracle | 3 Commons Fileupload, Tomcat, Retail Applications | 2025-04-12 | 7.5 HIGH | N/A |
|
MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.
|
|||||
| CVE-2015-1685 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass."
|
|||||
| CVE-2015-3283 | 1 Openafs | 1 Openafs | 2025-04-12 | 6.8 MEDIUM | N/A |
|
OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.
|
|||||
| CVE-2016-4997 | 5 Canonical, Debian, Linux and 2 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
|
|||||
| CVE-2015-6861 | 1 Eucalyptus | 1 Eucalyptus | 2025-04-12 | 4.6 MEDIUM | 7.5 HIGH |
|
HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission requirement and assume an IAM role by leveraging a policy setting for a user's account.
|
|||||
| CVE-2015-3336 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL.
|
|||||
| CVE-2016-0809 | 1 Google | 1 Android | 2025-04-12 | 8.3 HIGH | 8.8 HIGH |
|
Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768.
|
|||||
| CVE-2015-5021 | 1 Ibm | 1 Infosphere Information Server | 2025-04-12 | 5.5 MEDIUM | N/A |
|
IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2014-2268 | 1 Vtiger | 1 Vtiger Crm | 2025-04-12 | 5.0 MEDIUM | N/A |
|
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.
|
|||||
| CVE-2016-7390 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000194 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
|
|||||
| CVE-2015-6639 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.
|
|||||
| CVE-2015-1235 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.
|
|||||
| CVE-2014-4621 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 8.5 HIGH | N/A |
|
EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and 7.1 before P08 does not properly check authorization for subtypes of protected system types, which allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.
|
|||||