Total
2547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-7778 | 2026-05-07 | N/A | 5.0 MEDIUM | ||
| An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (5.0, Medium). This issue was fixed in version v4.0.260416.0 of the runZero Platform. | |||||
| CVE-2026-40001 | 2026-05-07 | N/A | 5.2 MEDIUM | ||
| There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass. | |||||
| CVE-2026-7971 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-07 | N/A | 6.3 MEDIUM |
| Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-7977 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-06 | N/A | 6.3 MEDIUM |
| Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-7994 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-05-06 | N/A | 7.8 HIGH |
| Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Medium) | |||||
| CVE-2013-7421 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2026-05-06 | 2.1 LOW | N/A |
| The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644. | |||||
| CVE-2014-5206 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2026-05-06 | 7.2 HIGH | N/A |
| The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace. | |||||
| CVE-2014-1526 | 4 Canonical, Fedoraproject, Mozilla and 1 more | 5 Ubuntu Linux, Fedora, Firefox and 2 more | 2026-05-06 | 6.8 MEDIUM | N/A |
| The XrayWrapper implementation in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site that is visited in the debugger, leading to unwrapping operations and calls to DOM methods on the unwrapped objects. | |||||
| CVE-2015-4446 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-05-06 | 7.5 HIGH | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and perform a transition from Low Integrity to Medium Integrity via unspecified vectors, a different vulnerability than CVE-2015-5090 and CVE-2015-5106. | |||||
| CVE-2014-0185 | 1 Php | 1 Php | 2026-05-06 | 7.2 HIGH | N/A |
| sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client. | |||||
| CVE-2015-8467 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2026-05-06 | 6.0 MEDIUM | 7.5 HIGH |
| The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535. | |||||
| CVE-2014-5207 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2026-05-06 | 6.2 MEDIUM | N/A |
| fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace. | |||||
| CVE-2016-1575 | 2 Canonical, Linux | 4 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 1 more | 2026-05-06 | 7.2 HIGH | 7.8 HIGH |
| The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. | |||||
| CVE-2016-3376 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2026-05-06 | 9.3 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-7185, and CVE-2016-7211. | |||||
| CVE-2014-9322 | 6 Canonical, Google, Linux and 3 more | 6 Ubuntu Linux, Android, Linux Kernel and 3 more | 2026-05-06 | 7.2 HIGH | 7.8 HIGH |
| arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space. | |||||
| CVE-2014-1496 | 2 Mozilla, Suse | 6 Firefox, Seamonkey, Thunderbird and 3 more | 2026-05-06 | 1.9 LOW | 5.5 MEDIUM |
| Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update. | |||||
| CVE-2016-2853 | 1 Linux | 1 Linux Kernel | 2026-05-06 | 4.4 MEDIUM | 7.8 HIGH |
| The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program. | |||||
| CVE-2016-2061 | 1 Linux | 1 Linux Kernel | 2026-05-06 | 6.8 MEDIUM | 7.8 HIGH |
| Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call. | |||||
| CVE-2014-0204 | 1 Openstack | 1 Keystone | 2026-05-06 | 6.5 MEDIUM | N/A |
| OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID. | |||||
| CVE-2015-0239 | 5 Canonical, Debian, Linux and 2 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2026-05-06 | 4.4 MEDIUM | N/A |
| The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction. | |||||