Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5509 | 1 Administration Views Project | 1 Administration Views | 2025-04-12 | N/A |
| The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors. | ||||
| CVE-2015-5636 | 1 Newphoria Corporation | 1 Reversi | 2025-04-12 | N/A |
| The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2015-7919 | 1 Searchblox | 1 Searchblox | 2025-04-12 | N/A |
| SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. | ||||
| CVE-2015-5671 | 1 Techno Project Japan | 1 Enisys Gw | 2025-04-12 | N/A |
| Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. | ||||
| CVE-2016-3346 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | N/A |
| Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain Administrator access via a crafted DLL, aka "Windows Permissions Enforcement Elevation of Privilege Vulnerability." | ||||
| CVE-2016-2453 | 1 Google | 2 Android, Android One | 2025-04-12 | N/A |
| The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27549705. | ||||
| CVE-2015-5692 | 1 Symantec | 1 Web Gateway | 2025-04-12 | N/A |
| admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. | ||||
| CVE-2016-4834 | 1 Vtiger | 1 Vtiger Crm | 2025-04-12 | N/A |
| modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. | ||||
| CVE-2015-5787 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app. | ||||
| CVE-2015-5849 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. | ||||
| CVE-2016-2984 | 1 Ibm | 2 General Parallel File System, Spectrum Scale | 2025-04-12 | N/A |
| IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via crafted command-line parameters to a /usr/lpp/mmfs/bin/ setuid program. | ||||
| CVE-2014-1504 | 4 Mozilla, Opensuse, Oracle and 1 more | 7 Firefox, Seamonkey, Opensuse and 4 more | 2025-04-12 | N/A |
| The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. | ||||
| CVE-2015-5961 | 1 Mozilla | 1 Firefox Os | 2025-04-12 | N/A |
| The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server. | ||||
| CVE-2015-6018 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2025-04-12 | N/A |
| The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | ||||
| CVE-2015-6034 | 1 Epson | 1 Network Utility | 2025-04-12 | N/A |
| EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. | ||||
| CVE-2015-6047 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| The broker EditWith feature in Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the AppContainer protection mechanism and gain privileges via a DelegateExecute launch of an arbitrary application, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2015-6265 | 1 Cisco | 1 Application Control Engine 4700 | 2025-04-12 | N/A |
| The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662. | ||||
| CVE-2014-8136 | 4 Canonical, Mageia, Opensuse and 1 more | 10 Ubuntu Linux, Mageia, Opensuse and 7 more | 2025-04-12 | N/A |
| The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 functions in qemu/qemu_driver.c in libvirt do not unlock the domain when an ACL check fails, which allow local users to cause a denial of service via unspecified vectors. | ||||
| CVE-2016-2293 | 1 Accuenergy | 4 Acuvim Ii, Acuvim Ii Net Firmware, Acuvim Iir and 1 more | 2025-04-12 | N/A |
| The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. | ||||
| CVE-2015-8940 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367. | ||||