Total
5482 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7016 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.6 HIGH | N/A |
|
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app.
|
|||||
| CVE-2016-0905 | 1 Emc | 1 Avamar Server | 2025-04-12 | 7.2 HIGH | 6.7 MEDIUM |
|
Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root privileges by leveraging admin access and entering a sudo command.
|
|||||
| CVE-2011-5319 | 1 Google | 1 Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
|
content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231.
|
|||||
| CVE-2015-5498 | 1 Shipwire Api Project | 1 Shipwire Api | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive information via a request to the page.
|
|||||
| CVE-2015-3847 | 1 Google | 1 Android | 2025-04-12 | 6.4 MEDIUM | N/A |
|
Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.
|
|||||
| CVE-2014-5507 | 1 Pro Softnet Corporation | 1 Ibackup | 2025-04-12 | 7.2 HIGH | N/A |
|
iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.
|
|||||
| CVE-2016-1625 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2025-04-12 | 4.3 MEDIUM | 4.3 MEDIUM |
|
The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc.
|
|||||
| CVE-2014-4830 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 4.3 MEDIUM | N/A |
|
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
|
|||||
| CVE-2014-0539 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on Windows and OS X and before 11.2.202.394 on Linux, Adobe AIR before 14.0.0.137 on Android, Adobe AIR SDK before 14.0.0.137, and Adobe AIR SDK & Compiler before 14.0.0.137 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0537.
|
|||||
| CVE-2015-5253 | 1 Apache | 1 Cxf | 2025-04-12 | 4.0 MEDIUM | N/A |
|
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack."
|
|||||
| CVE-2015-8600 | 1 Sap | 1 Mobile Platform | 2025-04-12 | 7.5 HIGH | N/A |
|
The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855.
|
|||||
| CVE-2015-8709 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 6.9 MEDIUM | 7.0 HIGH |
|
kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states "there is no kernel bug here.
|
|||||
| CVE-2015-2364 | 1 Microsoft | 9 Windows 2003 Server, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
|
The graphics component in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application that leverages an incorrect bitmap conversion, aka "Graphics Component EOP Vulnerability."
|
|||||
| CVE-2016-5572 | 1 Oracle | 1 Database | 2025-04-12 | 4.4 MEDIUM | 6.4 MEDIUM |
|
Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
|
|||||
| CVE-2016-7222 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability."
|
|||||
| CVE-2014-2886 | 1 Nongnu | 1 Gksu | 2025-04-12 | 6.8 MEDIUM | N/A |
|
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during installation of a VirtualBox extension pack.
|
|||||
| CVE-2014-7194 | 1 Tibco | 4 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot and 1 more | 2025-04-12 | 6.4 MEDIUM | N/A |
|
TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access.
|
|||||
| CVE-2014-9633 | 1 Comodo | 1 Backup | 2025-04-12 | 7.5 HIGH | N/A |
|
The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference.
|
|||||
| CVE-2014-5232 | 2 Apple, Siemens | 2 Iphone Os, Simatic Wincc Sm\@rtclient | 2025-04-12 | 1.9 LOW | N/A |
|
The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state.
|
|||||
| CVE-2014-3063 | 1 Ibm | 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | 7.5 HIGH | N/A |
|
IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1-FP11 and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x before 9.1-FP15 and 10.x and 11.x before 11.3-IF2 allow local users to obtain administrator privileges via unspecified vectors.
|
|||||
| CVE-2014-4122 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability."
|
|||||
| CVE-2015-8753 | 1 Sap | 1 Afaria | 2025-04-12 | 9.4 HIGH | 9.1 CRITICAL |
|
SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905.
|
|||||
| CVE-2015-7411 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-12 | 9.0 HIGH | 9.9 CRITICAL |
|
The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors.
|
|||||
| CVE-2015-8440 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-8409 and CVE-2015-8453.
|
|||||
| CVE-2015-2756 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 4.9 MEDIUM | N/A |
|
QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
|
|||||
| CVE-2016-3266 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 10.0 HIGH | 7.8 HIGH |
|
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3376, CVE-2016-7185, and CVE-2016-7211.
|
|||||
| CVE-2016-3349 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
The kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
|
|||||
| CVE-2014-9048 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The documents application in ownCloud Server 6.x before 6.0.6 and 7.x before 7.0.3 allows remote attackers to bypass the password-protection for shared files via the API.
|
|||||
| CVE-2014-3576 | 2 Apache, Oracle | 3 Activemq, Business Intelligence Publisher, Fusion Middleware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
|
|||||
| CVE-2015-3185 | 3 Apache, Apple, Canonical | 5 Http Server, Mac Os X, Mac Os X Server and 2 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior.
|
|||||
| CVE-2011-5294 | 1 Kofax | 1 Kofax E-transactions Sender Sendbox | 2025-04-12 | 6.4 MEDIUM | N/A |
|
The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kofax e-Transactions Sender Sendbox 2.5.0.933 allows remote attackers to write to arbitrary files via a pathname in the first argument.
|
|||||
| CVE-2015-3865 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | N/A |
|
The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.
|
|||||
| CVE-2015-6614 | 1 Google | 1 Android | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted application, aka internal bug 21900139.
|
|||||
| CVE-2016-0908 | 1 Emc | 1 Isilon Onefs | 2025-04-12 | 6.8 MEDIUM | 6.7 MEDIUM |
|
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.
|
|||||
| CVE-2012-6110 | 1 Bcron Project | 1 Bcron Exec | 2025-04-12 | 2.1 LOW | N/A |
|
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.
|
|||||
| CVE-2015-4351 | 1 Web-dorado | 1 Web-dorado Spider Video Player | 2025-04-12 | 4.9 MEDIUM | N/A |
|
The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL.
|
|||||
| CVE-2016-1751 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app.
|
|||||
| CVE-2014-9632 | 1 Avg | 2 Internet Security, Protection | 2025-04-12 | 7.2 HIGH | N/A |
|
The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 Hot Fix 18 and 2015.x before 2015.5315 and Protection before 2015.5315 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted 0x830020f8 IOCTL call.
|
|||||
| CVE-2015-5342 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
|
The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.
|
|||||
| CVE-2015-4185 | 1 Cisco | 1 Ios | 2025-04-12 | 6.9 MEDIUM | N/A |
|
The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202.
|
|||||