Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8842 | 1 Opensuse | 1 Opensuse | 2025-04-12 | N/A |
| tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2015-8940 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367. | ||||
| CVE-2015-8938 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022. | ||||
| CVE-2014-2506 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors. | ||||
| CVE-2015-6856 | 1 Dell | 1 Pre-boot Authentication Driver | 2025-04-12 | N/A |
| Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call. | ||||
| CVE-2011-4573 | 1 Redhat | 1 Jboss Operations Network | 2025-04-12 | N/A |
| Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail. | ||||
| CVE-2016-5991 | 1 Ibm | 1 Sterling Connect\ | 2025-04-12 | N/A |
| IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2016-0822 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. | ||||
| CVE-2016-4654 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||||
| CVE-2014-8027 | 1 Cisco | 1 Secure Access Control System | 2025-04-12 | N/A |
| The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via crafted HTTP requests, aka Bug ID CSCuq79034. | ||||
| CVE-2015-6306 | 3 Apple, Cisco, Linux | 3 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel | 2025-04-12 | N/A |
| Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947. | ||||
| CVE-2015-1685 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass." | ||||
| CVE-2015-1704 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1703. | ||||
| CVE-2016-0374 | 1 Ibm | 1 Tririga Application Platform | 2025-04-12 | N/A |
| The builder tools in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allow remote authenticated users to gain privileges for application modification via unspecified vectors. | ||||
| CVE-2016-3346 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | N/A |
| Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain Administrator access via a crafted DLL, aka "Windows Permissions Enforcement Elevation of Privilege Vulnerability." | ||||
| CVE-2012-5037 | 1 Cisco | 3 Catalyst 6500, Catalyst 7600, Ios | 2025-04-12 | N/A |
| The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 and 7600 devices allows local users to cause a denial of service (device reload) via a "no object-group" command followed by an object-group command, aka Bug ID CSCts16133. | ||||
| CVE-2014-8115 | 1 Redhat | 3 Jboss Bpms, Jboss Brms, Kie Workbench | 2025-04-12 | N/A |
| The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors. | ||||
| CVE-2013-1191 | 1 Cisco | 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more | 2025-04-12 | N/A |
| Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted SSH key data in an SSH session to a management interface, aka Bug ID CSCud88400. | ||||
| CVE-2014-4626 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | N/A |
| EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, 7.0 before P16, and 7.1 before P09 allows remote authenticated users to gain privileges by (1) placing a command in a dm_job object and setting this object's owner to a privileged user or placing a rename action in a dm_job_request object and waiting for a (2) dm_UserRename or (3) dm_GroupRename service task, aka ESA-2014-105. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2515. | ||||
| CVE-2012-4230 | 1 Tinymce | 1 Tinymce | 2025-04-12 | N/A |
| The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element. | ||||