Total
5246 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1254 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 5.0 MEDIUM | N/A |
| core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. | |||||
| CVE-2016-9796 | 1 Alcatel-lucent | 1 Omnivista 8770 Network Management System | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server." | |||||
| CVE-2014-6043 | 1 Zohocorp | 1 Manageengine Eventlog Analyzer | 2025-04-12 | 6.5 MEDIUM | N/A |
| ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 does not properly restrict access to the database browser, which allows remote authenticated users to obtain access to the database via a direct request to event/runQuery.do. Fixed in Build 10000. | |||||
| CVE-2016-0087 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability." | |||||
| CVE-2015-7788 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2025-04-12 | 5.8 MEDIUM | 7.3 HIGH |
| ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2014-0201 | 1 Redhat | 1 Rhevm-reports | 2025-04-12 | 2.1 LOW | N/A |
| ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports package (rhevm-reports) before 3.3.3, uses world-readable permissions on configuration files, which allows local users to obtain sensitive information by reading the files. | |||||
| CVE-2014-3514 | 1 Rubyonrails | 1 Rails | 2025-04-12 | 7.5 HIGH | N/A |
| activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls. | |||||
| CVE-2016-0714 | 3 Apache, Canonical, Debian | 3 Tomcat, Ubuntu Linux, Debian Linux | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session. | |||||
| CVE-2013-1807 | 1 Php-fusion | 1 Php-fusion | 2025-04-12 | 5.0 MEDIUM | N/A |
| PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/. | |||||
| CVE-2015-5413 | 1 Hp | 1 Version Control Repository Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
| HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-8940 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367. | |||||
| CVE-2016-3915 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838. | |||||
| CVE-2014-8989 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.6 MEDIUM | N/A |
| The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a "negative groups" issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c. | |||||
| CVE-2016-1152 | 1 Cybozu | 1 Office | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486. | |||||
| CVE-2014-9249 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | 7.5 HIGH | N/A |
| The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408. | |||||
| CVE-2013-2043 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calendars via the calendar_id parameter. | |||||
| CVE-2016-3758 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771. | |||||
| CVE-2014-5507 | 1 Pro Softnet Corporation | 1 Ibackup | 2025-04-12 | 7.2 HIGH | N/A |
| iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file. | |||||
| CVE-2016-3849 | 1 Google | 1 Android | 2025-04-12 | 6.9 MEDIUM | 7.8 HIGH |
| The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740. | |||||
| CVE-2015-2554 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability." | |||||