Total
5248 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0006 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 6.9 MEDIUM | 7.3 HIGH |
| The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007. | |||||
| CVE-2015-1469 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2025-04-12 | 9.0 HIGH | N/A |
| time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930. | |||||
| CVE-2015-0546 | 1 Emc | 1 Unified Infrastructure Manager\/provisioning | 2025-04-12 | 10.0 HIGH | N/A |
| EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name. | |||||
| CVE-2014-9890 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177. | |||||
| CVE-2015-2993 | 1 Sysaid | 1 Sysaid | 2025-04-12 | 7.5 HIGH | N/A |
| SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. | |||||
| CVE-2015-8892 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998. | |||||
| CVE-2015-1458 | 1 Fortinet | 1 Fortiauthenticator | 2025-04-12 | 6.9 MEDIUM | N/A |
| Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. | |||||
| CVE-2016-1629 | 4 Debian, Google, Novell and 1 more | 5 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. | |||||
| CVE-2014-9768 | 1 Ibm | 1 Tivoli Netview Access Services | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| IBM Tivoli NetView Access Services (NVAS) allows remote authenticated users to gain privileges by entering the ADM command and modifying a "page ID" field to the EMSPG2 transaction code. NOTE: the vendor's perspective is that configuration and use of available security controls in the NVAS product mitigates the reported vulnerability | |||||
| CVE-2014-0906 | 1 Ibm | 1 Sametime | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not check whether a session cookie is current, which allows remote attackers to conduct user-search actions by leveraging possession of a (1) expired or (2) invalidated cookie. | |||||
| CVE-2015-6639 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | |||||
| CVE-2015-3270 | 1 Apache | 1 Ambari | 2025-04-12 | 6.5 MEDIUM | N/A |
| Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. | |||||
| CVE-2015-2814 | 1 Sap | 2 Clinical Task Tracker, Emr Unwired | 2025-04-12 | 6.4 MEDIUM | N/A |
| SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079. | |||||
| CVE-2015-2370 | 1 Microsoft | 9 Windows 2003 Server, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
| The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not prevent DCE/RPC connection reflection, which allows local users to gain privileges via a crafted application, aka "Windows RPC Elevation of Privilege Vulnerability." | |||||
| CVE-2014-6160 | 2 Google, Ibm | 3 Chrome, Webseal, Websphere Service Registry And Repository | 2025-04-12 | 2.1 LOW | N/A |
| IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 8.5.0.1, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
| CVE-2012-5696 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2025-04-12 | 5.0 MEDIUM | N/A |
| Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request. | |||||
| CVE-2016-3940 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 6P and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 30141991. | |||||
| CVE-2016-5230 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app. | |||||
| CVE-2015-2554 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability." | |||||
| CVE-2016-8867 | 1 Docker | 1 Docker | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. | |||||