Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2604 | 1 Realnetworks | 1 Realarcade Installer | 2025-04-12 | 7.2 HIGH | N/A |
| RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory. | |||||
| CVE-2014-6288 | 1 Alex Kellner | 1 Powermail | 2025-04-12 | 7.5 HIGH | N/A |
| The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors. | |||||
| CVE-2014-1217 | 1 Livetecs | 1 Timeline | 2025-04-12 | 7.5 HIGH | N/A |
| Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors. | |||||
| CVE-2016-1435 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2025-04-12 | 6.2 MEDIUM | 7.0 HIGH |
| Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | |||||
| CVE-2015-5268 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value. | |||||
| CVE-2016-3905 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android internal bug 28061823 and Qualcomm internal bug CR 1001449. | |||||
| CVE-2016-2408 | 2 Microsoft, Pulsesecure | 5 Windows, Odyssey Access Client, Pulse Secure Desktop and 2 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors. | |||||
| CVE-2014-0508 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x before 13.0.0.182 on Windows and OS X and before 11.2.202.350 on Linux, Adobe AIR before 13.0.0.83 on Android, Adobe AIR SDK before 13.0.0.83, and Adobe AIR SDK & Compiler before 13.0.0.83 allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-6174 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6171 and CVE-2015-6173. | |||||
| CVE-2016-0180 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles symbolic links, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | |||||
| CVE-2014-1383 | 1 Apple | 1 Tvos | 2025-04-12 | 5.5 MEDIUM | N/A |
| Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors. | |||||
| CVE-2014-0535 | 4 Adobe, Apple, Linux and 1 more | 6 Adobe Air, Adobe Air Sdk, Flash Player and 3 more | 2025-04-12 | 7.5 HIGH | N/A |
| Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0534. | |||||
| CVE-2014-1572 | 2 Fedoraproject, Mozilla | 2 Fedora, Bugzilla | 2025-04-12 | 5.0 MEDIUM | N/A |
| The confirm_create_account function in the account-creation feature in token.cgi in Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 does not specify a scalar context for the realname parameter, which allows remote attackers to create accounts with unverified e-mail addresses by sending three realname values with realname=login_name as the second, as demonstrated by selecting an e-mail address with a domain name for which group privileges are automatically granted. | |||||
| CVE-2014-5147 | 1 Xen | 1 Xen | 2025-04-12 | 4.3 MEDIUM | N/A |
| Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process. | |||||
| CVE-2016-3805 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412. | |||||
| CVE-2014-4367 | 1 Apple | 1 Iphone Os | 2025-04-12 | 2.1 LOW | N/A |
| Apple iOS before 8 enables Voice Dial during all upgrade actions, which makes it easier for physically proximate attackers to launch unintended calls by speaking a telephone number. | |||||
| CVE-2016-6742 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30799828. | |||||
| CVE-2015-7766 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | 9.0 HIGH | N/A |
| PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO." | |||||
| CVE-2015-7861 | 1 Accelerite | 1 Radia Client Automation | 2025-04-12 | 10.0 HIGH | N/A |
| Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling. | |||||
| CVE-2015-7227 | 1 Fieldable Panels Panes Project | 1 Fieldable Panels Panes | 2025-04-12 | 3.5 LOW | N/A |
| The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels. | |||||