Total: 5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2016-2968 | 1 Ibm | 1 Security Qradar Incident Forensics | 2025-04-12 | 5.5 MEDIUM | 6.5 MEDIUM | IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors. |
| CVE-2015-8955 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-12 | 6.9 MEDIUM | 7.3 HIGH | arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. |
| CVE-2016-2451 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH | codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27597103. |
| CVE-2014-9249 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | 7.5 HIGH | N/A | The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. |
| CVE-2015-6520 | 1 Ippusbxd Project | 1 Ippusbxd | 2025-04-12 | 7.5 HIGH | N/A | IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request. |
| CVE-2015-2481 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 9.3 HIGH | N/A | The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2480. |
| CVE-2014-9387 | 1 Sap | 1 Businessobjects | 2025-04-12 | 10.0 HIGH | N/A | SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905. |
| CVE-2014-1552 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-12 | 5.8 MEDIUM | N/A | Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not properly implement the sandbox attribute of the IFRAME element, which allows remote attackers to bypass intended restrictions on same-origin content via a crafted web site in conjunction with a redirect. |
| CVE-2015-3630 | 1 Docker | 1 Docker | 2025-04-12 | 7.2 HIGH | N/A | Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. |
| CVE-2014-2126 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 8.5 HIGH | N/A | Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496. |
| CVE-2015-1703 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 6.8 MEDIUM | N/A | Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1704. |
| CVE-2013-4500 | 1 Quiz Module Project | 1 Quiz | 2025-04-12 | 4.9 MEDIUM | N/A | The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the delete option. |
| CVE-2014-2227 | 1 Ui | 1 Unifi Video | 2025-04-12 | 6.0 MEDIUM | N/A | The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file. |
| CVE-2016-2504 | 1 Google | 1 Android | 2025-04-12 | 6.9 MEDIUM | 7.8 HIGH | The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974. |
| CVE-2015-5663 | 1 Rarlab | 1 Winrar | 2025-04-12 | 3.7 LOW | 7.4 HIGH | The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the user. |
| CVE-2014-0119 | 1 Apache | 1 Tomcat | 2025-04-12 | 4.3 MEDIUM | N/A | Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted ... |
| CVE-2016-0143 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0165 and CVE-2016-0167. |
| CVE-2015-3458 | 1 Magento | 1 Magento | 2025-04-12 | 6.5 MEDIUM | N/A | The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary ... |
| CVE-2016-1632 | 1 Google | 1 Chrome | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH | The Extensions subsystem in Google Chrome before 49.0.2623.75 does not properly maintain own properties, which allows remote attackers to bypass intended access restrictions via crafted JavaScript code that triggers an incorrect cast, related to extensions/renderer/v8_helpers.h and gin/converter.h. |
| CVE-2015-7063 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A | The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname. |
| CVE-2016-4962 | 2 Oracle, Xen | 2 Vm Server, Xen | 2025-04-12 | 6.8 MEDIUM | 6.7 MEDIUM | The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore. |
| CVE-2014-1353 | 1 Apple | 1 Iphone Os | 2025-04-12 | 3.6 LOW | N/A | Lock Screen in Apple iOS before 7.1.2 does not properly manage the telephony state in Airplane Mode, which allows physically proximate attackers to bypass the lock protection mechanism, and access a certain foreground application, via unspecified vectors. |
| CVE-2014-0300 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2025-04-12 | 7.2 HIGH | N/A | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." |
| CVE-2015-5995 | 2 Mediabridge, Tenda | 3 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware, N3 Wireless N150 | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL | Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. |
| CVE-2015-6174 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6171 and CVE-2015-6173. |
| CVE-2016-2448 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH | media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27533704. |
| CVE-2014-7846 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A | tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request. |
| CVE-2014-0078 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2025-04-12 | 4.0 MEDIUM | N/A | The CatalogController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to delete arbitrary catalogs via vectors involving guessing the catalog ID. |
| CVE-2015-0821 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 6.8 MEDIUM | N/A | Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. |
| CVE-2016-2452 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH | codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 27662364 and 27843673. |
| CVE-2016-3239 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH | The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via vectors involving filesystem write operations, aka "Windows Print Spooler Elevation of Privilege Vulnerability." |
| CVE-2015-6621 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | N/A | SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438. |
| CVE-2014-7986 | 1 Espocrm | 1 Espocrm | 2025-04-12 | 5.0 MEDIUM | N/A | install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter. |
| CVE-2015-4483 | 3 Mozilla, Opensuse, Oracle | 3 Firefox, Opensuse, Solaris | 2025-04-12 | 4.3 MEDIUM | N/A | Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. |
| CVE-2014-9641 | 1 Trendmicro | 1 Tmeext.sys | 2025-04-12 | 7.2 HIGH | N/A | The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, Internet Security, and Maximum Security allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222400 IOCTL call. |
| CVE-2014-9802 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH | Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108. |
| CVE-2015-4505 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-12 | 6.6 MEDIUM | N/A | updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service. |
| CVE-2016-2462 | 1 Google | 1 Android | 2025-04-12 | 7.6 HIGH | 7.0 HIGH | OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173. |
| CVE-2016-3861 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH | LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543. |
| CVE-2015-7707 | 1 Igniterealtime | 1 Openfire | 2025-04-12 | 6.5 MEDIUM | N/A | Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. |