Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3286 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 7.2 HIGH | 7.3 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3249, CVE-2016-3252, and CVE-2016-3254. | |||||
| CVE-2016-5847 | 1 Sap | 1 Sapcar Archive Tool | 2025-04-12 | 4.4 MEDIUM | 5.8 MEDIUM |
| SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384. | |||||
| CVE-2016-6744 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30970485. | |||||
| CVE-2016-1337 | 1 Cisco | 2 Epc3928, Epc3928 Firmware | 2025-04-12 | 4.3 MEDIUM | 8.1 HIGH |
| Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178. | |||||
| CVE-2015-4032 | 1 Visual Mining | 1 Netcharts Server | 2025-04-12 | 10.0 HIGH | N/A |
| projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors. | |||||
| CVE-2015-3761 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
| The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2014-3203 | 2 Ayatana Project, Canonical | 2 Unity, Ubuntu Linux | 2025-04-12 | 4.4 MEDIUM | N/A |
| Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by pressing the SUPER key before the screen auto-locks. | |||||
| CVE-2016-2423 | 1 Google | 1 Android | 2025-04-12 | 6.6 MEDIUM | 6.1 MEDIUM |
| server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26303187. | |||||
| CVE-2016-1963 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.4 MEDIUM | 7.4 HIGH |
| The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | |||||
| CVE-2014-9713 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2025-04-12 | 4.0 MEDIUM | N/A |
| The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors. | |||||
| CVE-2015-8486 | 1 Cybozu | 1 Office | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152. | |||||
| CVE-2014-0516 | 4 Adobe, Apple, Linux and 1 more | 5 Adobe Air, Flash Player, Mac Os X and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
| Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2014-8136 | 4 Canonical, Mageia, Opensuse and 1 more | 8 Ubuntu Linux, Mageia, Opensuse and 5 more | 2025-04-12 | 2.1 LOW | N/A |
| The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. | |||||
| CVE-2014-3576 | 2 Apache, Oracle | 3 Activemq, Business Intelligence Publisher, Fusion Middleware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. | |||||
| CVE-2014-5246 | 1 Tenda | 2 A5s, A5s Firmware | 2025-04-12 | 10.0 HIGH | N/A |
| The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn. | |||||
| CVE-2014-4140 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | |||||
| CVE-2013-3976 | 1 Ibm | 4 Data Protection, Flashcopy Manager, Tivoli Storage Flashcopy Manager and 1 more | 2025-04-12 | 2.1 LOW | N/A |
| The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore. | |||||
| CVE-2016-0087 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability." | |||||
| CVE-2016-2246 | 1 Hp | 1 Thinpro | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. | |||||
| CVE-2016-7089 | 1 Watchguard | 1 Rapidstream | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN. | |||||