Total
5256 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2321 | 1 Zte | 2 F460, F660 | 2025-04-12 | 10.0 HIGH | N/A |
| web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. | |||||
| CVE-2014-5298 | 1 X2engine | 1 X2engine | 2025-04-12 | 5.0 MEDIUM | N/A |
| FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program. | |||||
| CVE-2014-8605 | 1 Xcloner | 1 Xcloner | 2025-04-12 | 5.0 MEDIUM | N/A |
| The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/. | |||||
| CVE-2014-0167 | 1 Openstack | 2 Compute, Icehouse | 2025-04-12 | 6.0 MEDIUM | N/A |
| The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, (3) destroy, and other unspecified methods in compute/api.py when using non-default policies, which allows remote authenticated users to gain privileges via these API requests. | |||||
| CVE-2015-0662 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | 7.2 HIGH | N/A |
| Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385. | |||||
| CVE-2016-0171 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196. | |||||
| CVE-2016-0763 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2025-04-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context. | |||||
| CVE-2014-4441 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.8 MEDIUM | N/A |
| NetFS Client Framework in Apple OS X before 10.10 does not ensure that the disabling of File Sharing is always possible, which allows remote attackers to read or write to files by leveraging a state in which File Sharing is permanently enabled. | |||||
| CVE-2014-5232 | 2 Apple, Siemens | 2 Iphone Os, Simatic Wincc Sm\@rtclient | 2025-04-12 | 1.9 LOW | N/A |
| The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows local users to bypass an intended application-password requirement by leveraging the running of the app in the background state. | |||||
| CVE-2015-5341 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors. | |||||
| CVE-2015-5493 | 1 Entityform Block Project | 1 Entityform Block | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors. | |||||
| CVE-2014-6257 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | 5.0 MEDIUM | N/A |
| Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407. | |||||
| CVE-2015-1226 | 1 Google | 1 Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
| The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension. | |||||
| CVE-2015-1984 | 1 Ibm | 1 Infosphere Master Data Management | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. | |||||
| CVE-2015-0528 | 1 Emc | 1 Isilon Onefs | 2025-04-12 | 7.2 HIGH | N/A |
| The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files. | |||||
| CVE-2015-1342 | 1 Canonical | 2 Lxcfs, Ubuntu Linux | 2025-04-12 | 4.6 MEDIUM | N/A |
| LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. | |||||
| CVE-2015-5253 | 1 Apache | 1 Cxf | 2025-04-12 | 4.0 MEDIUM | N/A |
| The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack." | |||||
| CVE-2016-6786 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 6.9 MEDIUM | 7.0 HIGH |
| kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. | |||||
| CVE-2014-1566 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 31.1 on Android does not properly restrict copying of local files onto the SD card during processing of file: URLs, which allows attackers to obtain sensitive information from the Firefox profile directory via a crafted application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1515. | |||||
| CVE-2015-8889 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067. | |||||