Total
5245 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5572 | 1 Oracle | 1 Database | 2025-04-12 | 4.4 MEDIUM | 6.4 MEDIUM |
| Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2016-0068 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069. | |||||
| CVE-2015-7442 | 1 Ibm | 2 Installation Manager, Packaging Utility | 2025-04-12 | 6.2 MEDIUM | 7.0 HIGH |
| consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse program that is located in /tmp with a name based on a predicted PID value. | |||||
| CVE-2014-9353 | 1 Netapp | 1 Oncommand Balance | 2025-04-12 | 10.0 HIGH | N/A |
| NetApp OnCommand Balance before 4.2P2 contains a "default privileged account," which allows remote attackers to gain privileges via unspecified vectors. | |||||
| CVE-2014-9002 | 1 Lantronix | 1 Xprintserver | 2025-04-12 | 10.0 HIGH | N/A |
| Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action. | |||||
| CVE-2015-4997 | 1 Ibm | 1 Websphere Portal | 2025-04-12 | 6.8 MEDIUM | N/A |
| IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. | |||||
| CVE-2015-6596 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | N/A |
| mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. | |||||
| CVE-2016-3889 | 1 Google | 1 Android | 2025-04-12 | 7.2 HIGH | 6.8 MEDIUM |
| Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism by accessing (1) an external tile from a system application, (2) the help feature, or (3) the Settings application during a pre-setup stage, aka internal bug 29194585. | |||||
| CVE-2014-0249 | 2 Fedoraproject, Redhat | 2 Sssd, Enterprise Linux | 2025-04-12 | 3.3 LOW | N/A |
| The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allows local users to bypass access restrictions via unspecified vectors. | |||||
| CVE-2016-3912 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allow attackers to gain privileges via a crafted application, aka internal bug 30202481. | |||||
| CVE-2015-4394 | 1 Services Project | 1 Services | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote attackers to bypass the field_access restriction and obtain sensitive private field information via unspecified vectors. | |||||
| CVE-2015-3759 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.6 MEDIUM | N/A |
| Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. | |||||
| CVE-2014-3472 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-12 | 4.9 MEDIUM | N/A |
| The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspecified vectors. | |||||
| CVE-2016-5087 | 1 Alertus | 1 Alertus Desktop Notification For Os X | 2025-04-12 | 3.6 LOW | 4.4 MEDIUM |
| Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration files and unspecified other files, which allows local users to suppress emergency notifications or change content via standard filesystem operations. | |||||
| CVE-2014-3083 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-4927 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-12 | 7.2 HIGH | N/A |
| The Reporting and Monitoring component in Tivoli Monitoring in IBM Tivoli Storage Manager 6.3 before 6.3.6 and 7.1 before 7.1.3 on Linux and AIX uses world-writable permissions for unspecified files, which allows local users to gain privileges by writing to a file. | |||||
| CVE-2014-2742 | 1 Isode | 1 M-link | 2025-04-12 | 7.8 HIGH | N/A |
| Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream, aka an "xmppbomb" attack. | |||||
| CVE-2015-5692 | 1 Symantec | 1 Web Gateway | 2025-04-12 | 7.9 HIGH | N/A |
| admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. | |||||
| CVE-2016-3909 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The SoftMPEG4 component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30033990. | |||||
| CVE-2015-3028 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-12 | 5.5 MEDIUM | N/A |
| McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. | |||||