Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3769 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656. | |||||
| CVE-2013-2027 | 2 Jython Project, Opensuse | 2 Jython, Opensuse | 2025-04-12 | 4.6 MEDIUM | N/A |
| Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2014-1265 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2025-04-12 | 4.6 MEDIUM | N/A |
| The systemsetup program in the Date and Time subsystem in Apple OS X before 10.9.2 allows local users to bypass intended access restrictions by changing the current time on the system clock. | |||||
| CVE-2014-0888 | 1 Ibm | 2 Mobile Foundation, Worklight | 2025-04-12 | 4.9 MEDIUM | N/A |
| IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vectors. | |||||
| CVE-2014-1373 | 1 Apple | 1 Mac Os X | 2025-04-12 | 10.0 HIGH | N/A |
| Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application. | |||||
| CVE-2016-3930 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138. | |||||
| CVE-2013-2047 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 2.1 LOW | N/A |
| The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the password. | |||||
| CVE-2014-8895 | 1 Ibm | 1 Tririga Application Platform | 2025-04-12 | 4.3 MEDIUM | N/A |
| IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via a crafted URL. | |||||
| CVE-2014-4076 | 1 Microsoft | 1 Windows Server 2003 | 2025-04-12 | 7.2 HIGH | N/A |
| Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability." | |||||
| CVE-2014-0629 | 1 Emc | 1 Documentum Taskspace | 2025-04-12 | 8.5 HIGH | N/A |
| EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation. | |||||
| CVE-2016-6536 | 1 Aver | 2 Eh6108h\+, Eh6108h\+ Firmware | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value. | |||||
| CVE-2014-0974 | 1 Little Kernel Project | 1 Little Kernel Bootloader | 2025-04-12 | 1.9 LOW | N/A |
| The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image. | |||||
| CVE-2014-3202 | 1 Ayatana Project | 1 Unity | 2025-04-12 | 4.4 MEDIUM | N/A |
| Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash. | |||||
| CVE-2016-2409 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 8.1 HIGH |
| A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545. | |||||
| CVE-2014-6181 | 1 Ibm | 1 Websphere Service Registry And Repository | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 does not perform access-control checks for contained objects, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-1068 | 1 Canonical | 1 Ubuntu Linux | 2025-04-12 | 5.0 MEDIUM | N/A |
| The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability. | |||||
| CVE-2013-4971 | 1 Puppet | 1 Puppet Enterprise | 2025-04-12 | 5.0 MEDIUM | N/A |
| Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-4493 | 1 Apple | 1 Iphone Os | 2025-04-12 | 7.5 HIGH | N/A |
| The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app. | |||||
| CVE-2016-2817 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.3 MEDIUM | 5.4 MEDIUM |
| The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL. | |||||
| CVE-2015-4964 | 1 Ibm | 1 Urbancode Deploy | 2025-04-12 | 6.0 MEDIUM | N/A |
| IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process. | |||||