Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0761 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | 7.2 HIGH | N/A |
| Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790. | |||||
| CVE-2016-2432 | 1 Google | 4 Android, Nexus 5, Nexus 6 and 1 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059. | |||||
| CVE-2016-3396 | 1 Microsoft | 12 Live Meeting, Lync, Office and 9 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "GDI+ Remote Code Execution Vulnerability." | |||||
| CVE-2016-0271 | 1 Ibm | 1 Urbancode Deploy | 2025-04-12 | 7.2 HIGH | 8.2 HIGH |
| The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before 6.1.3.3, and 6.2.x before 6.2.1.1 do not verify a server's identity in a JMS session or an HTTP session, which allows local users to obtain root access to arbitrary agents via unspecified vectors. | |||||
| CVE-2016-8102 | 1 Intel | 1 Wireless Bluetooth Drivers | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges. | |||||
| CVE-2014-4073 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 10.0 HIGH | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability." | |||||
| CVE-2013-4598 | 1 Groups Communities And Co Project | 1 Gcc | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors. | |||||
| CVE-2014-7998 | 1 Cisco | 21 Aironet 1040, Aironet 1140, Aironet 1260 and 18 more | 2025-04-12 | 7.1 HIGH | N/A |
| Cisco IOS on Aironet access points, when "dot11 aaa authenticator" debugging is enabled, allows remote attackers to cause a denial of service via a malformed EAP packet, aka Bug ID CSCul15509. | |||||
| CVE-2016-1457 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. | |||||
| CVE-2015-6612 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | N/A |
| libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426. | |||||
| CVE-2015-7707 | 1 Igniterealtime | 1 Openfire | 2025-04-12 | 6.5 MEDIUM | N/A |
| Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. | |||||
| CVE-2016-3802 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368. | |||||
| CVE-2015-5888 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
| The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file. | |||||
| CVE-2015-4225 | 1 Cisco | 12 Nexus 93120tx, Nexus 93128tx, Nexus 9332pq and 9 more | 2025-04-12 | 4.0 MEDIUM | N/A |
| Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) and 1.0(1e) on Nexus 9000 devices does not properly implement RBAC health scoring, which allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuq77485. | |||||
| CVE-2016-3915 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838. | |||||
| CVE-2015-7792 | 1 Corega | 1 Cg-wlbargs Firmware | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. | |||||
| CVE-2016-5266 | 1 Mozilla | 1 Firefox | 2025-04-12 | 5.8 MEDIUM | 8.1 HIGH |
| Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site. | |||||
| CVE-2013-6433 | 2 Canonical, Openstack | 2 Ubuntu Linux, Neutron | 2025-04-12 | 7.6 HIGH | N/A |
| The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file. | |||||
| CVE-2014-5415 | 1 Beckhoff | 2 Embedded Pc Images, Twincat | 2025-04-12 | 9.4 HIGH | 9.1 CRITICAL |
| Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. | |||||
| CVE-2013-6442 | 1 Samba | 1 Samba | 2025-04-12 | 5.8 MEDIUM | N/A |
| The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended administrative change. | |||||