Total
5246 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3283 | 1 Openafs | 1 Openafs | 2025-04-12 | 6.8 MEDIUM | N/A |
| OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. | |||||
| CVE-2016-7254 | 1 Microsoft | 1 Sql Server | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability." | |||||
| CVE-2016-1233 | 1 Debian | 2 Debian Linux, Fuse | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| An unspecified udev rule in the Debian fuse package in jessie before 2.9.3-15+deb8u2, in stretch before 2.9.5-1, and in sid before 2.9.5-1 sets world-writable permissions for the /dev/cuse character device, which allows local users to gain privileges via a character device in /dev, related to an ioctl. | |||||
| CVE-2014-8605 | 1 Xcloner | 1 Xcloner | 2025-04-12 | 5.0 MEDIUM | N/A |
| The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores database backup files with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to a backup file in administrators/backups/. | |||||
| CVE-2014-0517 | 4 Adobe, Apple, Linux and 1 more | 5 Adobe Air, Flash Player, Mac Os X and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
| Adobe Flash Player before 13.0.0.214 on Windows and OS X and before 11.2.202.359 on Linux, Adobe AIR SDK before 13.0.0.111, and Adobe AIR SDK & Compiler before 13.0.0.111 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2014-0518, CVE-2014-0519, and CVE-2014-0520. | |||||
| CVE-2015-2512 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
| The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2507. | |||||
| CVE-2015-4211 | 2 Cisco, Microsoft | 2 Anyconnect Secure Mobility Client, Windows | 2025-04-12 | 7.2 HIGH | N/A |
| Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not properly validate pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCus65862. | |||||
| CVE-2015-4344 | 1 Services Basic Authentication Project | 1 Services Basic Authentication | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for Drupal allows remote attackers to bypass intended resource restrictions via vectors related to page caching. | |||||
| CVE-2014-1380 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.6 LOW | N/A |
| The Security - Keychain component in Apple OS X before 10.9.4 does not properly implement keystroke observers, which allows physically proximate attackers to bypass the screen-lock protection mechanism, and enter characters into an arbitrary window under the lock window, via keyboard input. | |||||
| CVE-2015-1814 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 7.5 HIGH | N/A |
| The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users. | |||||
| CVE-2014-1561 | 2 Mozilla, Oracle | 2 Firefox, Solaris | 2025-04-12 | 5.8 MEDIUM | N/A |
| Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization. | |||||
| CVE-2015-5635 | 1 Newphoria Corporation | 1 Koritore | 2025-04-12 | 6.8 MEDIUM | N/A |
| The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
| CVE-2016-3803 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434. | |||||
| CVE-2012-5390 | 1 Condor Project | 1 Condor | 2025-04-12 | 10.0 HIGH | N/A |
| The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job. | |||||
| CVE-2016-3341 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Windows Transaction Manager Elevation of Privilege Vulnerability." | |||||
| CVE-2016-4716 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2014-9783 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382. | |||||
| CVE-2016-3866 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820. | |||||
| CVE-2014-1285 | 1 Apple | 1 Iphone Os | 2025-04-12 | 5.8 MEDIUM | N/A |
| Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an unactivated device. | |||||
| CVE-2014-4368 | 1 Apple | 1 Iphone Os | 2025-04-12 | 6.9 MEDIUM | N/A |
| The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | |||||