Total
5244 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-6306 | 3 Apple, Cisco, Linux | 3 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel | 2025-04-12 | 7.2 HIGH | N/A |
Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947. | |||||
CVE-2015-5272 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants." | |||||
CVE-2016-0912 | 1 Dell | 1 Emc Data Domain Os | 2025-04-12 | 9.0 HIGH | 9.8 CRITICAL |
EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote authenticated users to bypass intended password-change restrictions by leveraging access to (1) a different account with the same role as a target account or (2) an account's session at an unattended workstation. | |||||
CVE-2016-3930 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138. | |||||
CVE-2015-0055 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
CVE-2015-0051 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 8 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||||
CVE-2015-6596 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | N/A |
mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. | |||||
CVE-2013-7065 | 1 Organic Groups Project | 1 Organic Groups | 2025-04-12 | 5.8 MEDIUM | N/A |
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field. | |||||
CVE-2016-7444 | 1 Gnu | 1 Gnutls | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc. | |||||
CVE-2015-3143 | 5 Apple, Canonical, Debian and 2 more | 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more | 2025-04-12 | 5.0 MEDIUM | N/A |
cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015. | |||||
CVE-2016-5231 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2025-04-12 | 5.0 MEDIUM | 7.8 HIGH |
Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete user data via a crafted app. | |||||
CVE-2014-8131 | 1 Redhat | 1 Libvirt | 2025-04-12 | 4.0 MEDIUM | N/A |
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. | |||||
CVE-2014-5284 | 1 Ossec | 1 Ossec | 2025-04-12 | 7.2 HIGH | N/A |
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed. | |||||
CVE-2012-5501 | 1 Plone | 1 Plone | 2025-04-12 | 5.0 MEDIUM | N/A |
at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. | |||||
CVE-2015-0773 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 5.5 MEDIUM | N/A |
Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078. | |||||
CVE-2015-4394 | 1 Services Project | 1 Services | 2025-04-12 | 5.0 MEDIUM | N/A |
The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors. | |||||
CVE-2016-0822 | 1 Google | 1 Android | 2025-04-12 | 7.6 HIGH | 7.0 HIGH |
The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. | |||||
CVE-2015-1638 | 1 Microsoft | 1 Windows Server 2012 | 2025-04-12 | 5.8 MEDIUM | N/A |
Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability." | |||||
CVE-2014-3848 | 1 Imember360 | 1 Imember360 | 2025-04-12 | 5.0 MEDIUM | N/A |
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter. | |||||
CVE-2015-1156 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 4.3 MEDIUM | N/A |
The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site. |