Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2388 | 1 Blackberry | 5 Blackberry Os, Q10, Q5 and 2 more | 2025-04-12 | N/A |
| The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode. | ||||
| CVE-2014-9885 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261. | ||||
| CVE-2015-0051 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 8 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | ||||
| CVE-2016-6536 | 1 Aver | 2 Eh6108h\+, Eh6108h\+ Firmware | 2025-04-12 | N/A |
| The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value. | ||||
| CVE-2014-9875 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310. | ||||
| CVE-2015-0069 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | ||||
| CVE-2015-0603 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2025-04-12 | N/A |
| Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474. | ||||
| CVE-2014-9780 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222. | ||||
| CVE-2014-9779 | 1 Google | 1 Android | 2025-04-12 | N/A |
| arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679. | ||||
| CVE-2014-9782 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349. | ||||
| CVE-2015-0054 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2013-6889 | 1 Gnu | 1 Rush | 2025-04-12 | N/A |
| GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option. | ||||
| CVE-2014-9770 | 1 Opensuse | 1 Opensuse | 2025-04-12 | N/A |
| tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files. | ||||
| CVE-2014-9783 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382. | ||||
| CVE-2015-3085 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | N/A |
| Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083. | ||||
| CVE-2011-1381 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | N/A |
| Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers to bypass intended access restrictions via unknown vectors. | ||||
| CVE-2014-9642 | 1 Bullguard | 4 Bdagent.sys, Internet Security, Online Backup and 1 more | 2025-04-12 | N/A |
| bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call. | ||||
| CVE-2014-9226 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2025-04-12 | N/A |
| The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors. | ||||
| CVE-2015-0257 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2025-04-12 | N/A |
| Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory. | ||||
| CVE-2014-9249 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | N/A |
| The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. | ||||