Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5005 | 1 Ibm | 2 Aix, Powerha System Mirror | 2025-04-12 | 8.5 HIGH | N/A |
| CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list. | |||||
| CVE-2014-5286 | 1 Tibco | 3 Activematrix Management Agent, Activematrix Policy Agent, Activematrix Policy Manager | 2025-04-12 | 6.4 MEDIUM | N/A |
| The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveMatrix Policy Agent 3.x before 3.1.2, ActiveMatrix Policy Manager 3.x before 3.1.2, ActiveMatrix Management Agent 1.x before 1.2.1 for WCF, and ActiveMatrix Management Agent 1.x before 1.2.1 for WebSphere allows remote attackers to gain privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-6034 | 1 Epson | 1 Network Utility | 2025-04-12 | 6.9 MEDIUM | N/A |
| EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2015-6565 | 1 Openbsd | 1 Openssh | 2025-04-12 | 7.2 HIGH | N/A |
| sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by writing to a device, as demonstrated by writing an escape sequence. | |||||
| CVE-2014-2745 | 1 Prosody | 1 Prosody | 2025-04-12 | 7.8 HIGH | N/A |
| Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack, related to core/portmanager.lua and util/xmppstream.lua. | |||||
| CVE-2016-7570 | 1 Drupal | 1 Drupal | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes. | |||||
| CVE-2016-7222 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability." | |||||
| CVE-2015-0821 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions. | |||||
| CVE-2016-5573 | 1 Oracle | 2 Jdk, Jre | 2025-04-12 | 6.8 MEDIUM | 8.3 HIGH |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582. | |||||
| CVE-2015-3085 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 6.4 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083. | |||||
| CVE-2016-2493 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522. | |||||
| CVE-2016-3958 | 1 Golang | 1 Go | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x before 1.6.1 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, related to use of the LoadLibrary function. | |||||
| CVE-2015-5021 | 1 Ibm | 1 Infosphere Information Server | 2025-04-12 | 5.5 MEDIUM | N/A |
| IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4463 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
| Apple iOS before 8.1.1 allows physically proximate attackers to bypass the lock-screen protection mechanism, and view or transmit a Photo Library photo, via the FaceTime "Leave a Message" feature. | |||||
| CVE-2015-6637 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. | |||||
| CVE-2016-3900 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| cmds/servicemanager/service_manager.c in ServiceManager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not properly restrict service registration, which allows attackers to gain privileges via a crafted application, aka internal bug 29431260. | |||||
| CVE-2015-5251 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2025-04-12 | 5.5 MEDIUM | N/A |
| OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*. | |||||
| CVE-2015-1155 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 4.3 MEDIUM | N/A |
| The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | |||||
| CVE-2016-6644 | 1 Emc | 1 Documentum D2 | 2025-04-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value. | |||||
| CVE-2016-0810 | 1 Google | 1 Android | 2025-04-12 | 6.9 MEDIUM | 7.8 HIGH |
| media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 mishandles locking requirements, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25781119. | |||||