Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5634 | 1 Newphoria Corporation | 1 Megaphone Music | 2025-04-12 | 6.8 MEDIUM | N/A |
| The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
| CVE-2014-5337 | 2 Wordpress Mobile Pack Project, Wpmobilepack | 2 Wordpress Mobile Pack, Wordpress Mobile Pack | 2025-04-12 | 5.0 MEDIUM | N/A |
| The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php. | |||||
| CVE-2016-10010 | 1 Openbsd | 1 Openssh | 2025-04-12 | 6.9 MEDIUM | 7.0 HIGH |
| sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. | |||||
| CVE-2014-2506 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 8.5 HIGH | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | |||||
| CVE-2016-2431 | 1 Google | 4 Android, Nexus 5, Nexus 6 and 1 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809. | |||||
| CVE-2014-0544 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0545. | |||||
| CVE-2014-9015 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | 6.8 MEDIUM | N/A |
| Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS sessions. | |||||
| CVE-2014-0112 | 1 Apache | 1 Struts | 2025-04-12 | 7.5 HIGH | N/A |
| ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. | |||||
| CVE-2016-3871 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022. | |||||
| CVE-2014-4810 | 1 Ibm | 1 Cognos Mobile | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logoff action on a mobile device, which makes it easier for remote attackers to bypass intended Business Intelligence restrictions by leveraging access to authentication data that was captured before this logoff. | |||||
| CVE-2014-3674 | 1 Redhat | 1 Openshift | 2025-04-12 | 7.5 HIGH | N/A |
| Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | |||||
| CVE-2016-6651 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token. | |||||
| CVE-2014-3703 | 1 Redhat | 1 Packstack | 2025-04-12 | 5.0 MEDIUM | N/A |
| OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic plug-in is not used, does not properly set the libvirt_vif_driver configuration option when generating the nova.conf configuration, which causes the firewall to be disabled and allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2014-4757 | 1 Ibm | 1 Content Collector | 2025-04-12 | 2.1 LOW | N/A |
| The Outlook Extension in IBM Content Collector 4.0.0.x before 4.0.0.0-ICC-OE-IF004 allows local users to bypass the intended Reviewer privilege requirement and read e-mail messages from an arbitrary mailbox by invoking the Search function. | |||||
| CVE-2014-2273 | 1 Huawei | 2 P2-6011, P2-6011 Firmware | 2025-04-12 | 7.2 HIGH | N/A |
| The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors. | |||||
| CVE-2014-3617 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A |
| The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum. | |||||
| CVE-2013-6775 | 2 Chainfire, Google | 2 Supersu, Android | 2025-04-12 | 10.0 HIGH | N/A |
| The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. | |||||
| CVE-2014-8148 | 2 Midgard-project, Opensuse | 2 Midgard2, Opensuse | 2025-04-12 | 7.2 HIGH | N/A |
| The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges. | |||||
| CVE-2014-0003 | 1 Apache | 1 Camel | 2025-04-12 | 7.5 HIGH | N/A |
| The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. | |||||
| CVE-2014-3771 | 1 Teampass | 1 Teampass | 2025-04-12 | 7.5 HIGH | N/A |
| TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. | |||||