Total
5238 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5251 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2025-04-12 | 5.5 MEDIUM | N/A |
| OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*. | |||||
| CVE-2015-1155 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 4.3 MEDIUM | N/A |
| The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | |||||
| CVE-2016-6644 | 1 Emc | 1 Documentum D2 | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. | |||||
| CVE-2016-0810 | 1 Google | 1 Android | 2025-04-12 | 6.9 MEDIUM | 7.8 HIGH |
| media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119. | |||||
| CVE-2014-0974 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2025-04-12 | 1.9 LOW | N/A |
| The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image. | |||||
| CVE-2016-2456 | 1 Google | 2 Android, Android One | 2025-04-12 | 5.1 MEDIUM | 7.0 HIGH |
| The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187. | |||||
| CVE-2015-1703 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 6.8 MEDIUM | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1704. | |||||
| CVE-2014-0129 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A |
| badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors. | |||||
| CVE-2015-5324 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 5.0 MEDIUM | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. | |||||
| CVE-2015-3625 | 2 Freebsd, Nvidia | 2 Freebsd, Gpu Driver | 2025-04-12 | 7.2 HIGH | N/A |
| The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.72, R349 before 349.16, R343 before 343.36, R340 before 340.76, R337 before 337.25, R334 before 334.21, R331 before 331.113, and R304 before 304.125 allows local users with certain permissions to read or write arbitrary kernel memory via unspecified vectors that trigger an untrusted pointer dereference. | |||||
| CVE-2015-3290 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.2 HIGH | N/A |
| arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. | |||||
| CVE-2014-8169 | 3 Automount Project, Opensuse, Redhat | 6 Automount, Opensuse, Enterprise Linux Desktop and 3 more | 2025-04-12 | 4.4 MEDIUM | N/A |
| automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory. | |||||
| CVE-2015-5889 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
| rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. | |||||
| CVE-2015-6621 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | N/A |
| SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438. | |||||
| CVE-2014-2130 | 1 Cisco | 1 Secure Access Control System | 2025-04-12 | 6.5 MEDIUM | N/A |
| Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka Bug ID CSCuj83189. | |||||
| CVE-2015-7229 | 1 Twitter Project | 1 Twitter | 2025-04-12 | 3.5 LOW | N/A |
| The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission. | |||||
| CVE-2015-0682 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
| Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. | |||||
| CVE-2015-7052 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
| kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2013-6476 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 4.4 MEDIUM | N/A |
| The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same directory as the PDF file. | |||||
| CVE-2016-1773 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | |||||