Total
5251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4122 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability." | |||||
| CVE-2014-3499 | 2 Docker, Fedoraproject | 2 Docker, Fedora | 2025-04-12 | 7.2 HIGH | N/A |
| Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-4440 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. | |||||
| CVE-2016-0910 | 1 Emc | 1 Data Domain Os | 2025-04-12 | 4.3 MEDIUM | 8.8 HIGH |
| EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. | |||||
| CVE-2015-2821 | 1 Typo3 | 1 Neos | 2025-04-12 | 6.5 MEDIUM | N/A |
| TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. | |||||
| CVE-2015-0801 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-12 | 7.5 HIGH | N/A |
| Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818. | |||||
| CVE-2014-5015 | 2 Eterna, Netbsd | 2 Bozohttpd, Netbsd | 2025-04-12 | 5.0 MEDIUM | N/A |
| bozotic HTTP server (aka bozohttpd) before 20140708, as used in NetBSD, truncates paths when checking .htpasswd restrictions, which allows remote attackers to bypass the HTTP authentication scheme and access restrictions via a long path. | |||||
| CVE-2015-5402 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2025-04-12 | 7.2 HIGH | N/A |
| HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows local users to gain privileges, and consequently obtain sensitive information, modify data, or cause a denial of service, via unspecified vectors. | |||||
| CVE-2014-9782 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349. | |||||
| CVE-2016-9223 | 1 Cisco | 1 Cloudcenter Orchestrator | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly CliQr) could allow an unauthenticated, remote attacker to install Docker containers with high privileges on the affected system. Affected Products: This vulnerability affect all releases of Cisco CloudCenter Orchestrator (CCO) deployments where the Docker Engine TCP port 2375 is open on the system and bound to local address 0.0.0.0 (any interface). | |||||
| CVE-2015-5784 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | N/A |
| runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2014-2268 | 1 Vtiger | 1 Vtiger Crm | 2025-04-12 | 5.0 MEDIUM | N/A |
| views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. | |||||
| CVE-2015-2714 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | 2.1 LOW | N/A |
| Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that has a required permission for reading a log, as demonstrated by the READ_LOGS permission for the mixed-content violation log on Android 4.0 and earlier. | |||||
| CVE-2015-7031 | 1 Apple | 1 Mac Os X Server | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. | |||||
| CVE-2009-5138 | 1 Gnu | 1 Gnutls | 2025-04-12 | 5.8 MEDIUM | N/A |
| GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959. | |||||
| CVE-2016-2171 | 1 Apache | 1 Jetspeed | 2025-04-12 | 6.4 MEDIUM | 7.5 HIGH |
| The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API. | |||||
| CVE-2014-7999 | 1 Cisco | 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more | 2025-04-12 | 7.7 HIGH | N/A |
| Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565. | |||||
| CVE-2016-9014 | 3 Canonical, Djangoproject, Fedoraproject | 3 Ubuntu Linux, Django, Fedora | 2025-04-12 | 6.8 MEDIUM | 8.1 HIGH |
| Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWED_HOSTS. | |||||
| CVE-2016-10010 | 1 Openbsd | 1 Openssh | 2025-04-12 | 6.9 MEDIUM | 7.0 HIGH |
| sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c. | |||||
| CVE-2014-5179 | 2 Freelinking For Case Tracker Project, Freelinking Project | 2 Freelinking For Case Tracker, Freelinking | 2025-04-12 | 4.3 MEDIUM | N/A |
| The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link. | |||||