Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-1949 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. | ||||
| CVE-2016-2057 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2025-04-12 | N/A |
| lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use weak permissions (666) for an unspecified IPC message queue, which allows local users to inject arbitrary messages by writing to that queue. | ||||
| CVE-2016-0263 | 1 Ibm | 2 General Parallel File System Storage Server, Spectrum Scale | 2025-04-12 | N/A |
| IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command. | ||||
| CVE-2012-5489 | 2 Plone, Zope | 2 Plone, Zope | 2025-04-12 | N/A |
| The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. | ||||
| CVE-2016-4505 | 1 Resourcedm | 1 Intuitive 650 Tdb Controller | 2025-04-12 | N/A |
| Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors. | ||||
| CVE-2016-2409 | 1 Google | 1 Android | 2025-04-12 | N/A |
| A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545. | ||||
| CVE-2015-2272 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token. | ||||
| CVE-2016-2420 | 1 Google | 1 Android | 2025-04-12 | N/A |
| rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620. | ||||
| CVE-2016-2436 | 1 Google | 2 Android, Nexus 9 | 2025-04-12 | N/A |
| The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111. | ||||
| CVE-2016-2434 | 1 Google | 2 Android, Nexus 9 | 2025-04-12 | N/A |
| The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090. | ||||
| CVE-2015-2152 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-04-12 | N/A |
| Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support, or connecting to the VNC server on (2) ::1 or (3) 127.0.0.1, when not compiled with SDL support. | ||||
| CVE-2015-6639 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | ||||
| CVE-2016-2442 | 1 Google | 4 Android, Nexus 5x, Nexus 6 and 1 more | 2025-04-12 | N/A |
| The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907. | ||||
| CVE-2016-2444 | 1 Google | 2 Android, Nexus 9 | 2025-04-12 | N/A |
| The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332. | ||||
| CVE-2012-5498 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. | ||||
| CVE-2016-2491 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408. | ||||
| CVE-2016-4440 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.8 High |
| arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. | ||||
| CVE-2016-2503 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067. | ||||
| CVE-2012-5696 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2025-04-12 | N/A |
| Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request. | ||||
| CVE-2015-1029 | 1 Puppet | 2 Puppet Enterprise, Stdlib | 2025-04-12 | N/A |
| The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache. | ||||