Total
5251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8023 | 2 Canonical, Strongswan | 2 Ubuntu Linux, Strongswan | 2025-04-12 | 5.0 MEDIUM | N/A |
| The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers to bypass authentication via an empty Success message in response to an initial Challenge message. | |||||
| CVE-2015-0802 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 37.0 relies on docshell type information instead of page principal information for Window.webidl access control, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via certain content navigation that leverages the reachability of a privileged window with an unintended persistence of access to restricted internal methods. | |||||
| CVE-2015-7707 | 1 Igniterealtime | 1 Openfire | 2025-04-12 | 6.5 MEDIUM | N/A |
| Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. | |||||
| CVE-2013-2048 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | 6.5 MEDIUM | N/A |
| ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary API commands. | |||||
| CVE-2015-0603 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2025-04-12 | 4.6 MEDIUM | N/A |
| Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474. | |||||
| CVE-2016-3874 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and Qualcomm internal bug CR997797. | |||||
| CVE-2015-7227 | 1 Fieldable Panels Panes Project | 1 Fieldable Panels Panes | 2025-04-12 | 3.5 LOW | N/A |
| The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels. | |||||
| CVE-2016-4997 | 5 Canonical, Debian, Linux and 2 more | 11 Ubuntu Linux, Debian Linux, Linux Kernel and 8 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement. | |||||
| CVE-2013-7364 | 1 Sap | 1 Netweaver | 2025-04-12 | 7.5 HIGH | N/A |
| An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver does not properly restrict access, which allows remote attackers to read and write to arbitrary files via unknown vectors. | |||||
| CVE-2014-9735 | 1 Themepunch | 2 Showbiz Pro, Slider Revolution | 2025-04-12 | 7.5 HIGH | N/A |
| The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and Showbiz Pro plugin 1.7.1 and earlier for Wordpress does not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors. | |||||
| CVE-2015-0004 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
| The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability." | |||||
| CVE-2014-3555 | 1 Openstack | 1 Neutron | 2025-04-12 | 4.0 MEDIUM | N/A |
| OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs. | |||||
| CVE-2015-5323 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 6.5 MEDIUM | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user. | |||||
| CVE-2016-1386 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The API in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0(1) allows remote attackers to spoof administrative notifications via crafted attribute-value pairs, aka Bug ID CSCux15521. | |||||
| CVE-2014-6288 | 1 Alex Kellner | 1 Powermail | 2025-04-12 | 7.5 HIGH | N/A |
| The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors. | |||||
| CVE-2014-3416 | 1 Jasig | 1 Uportal | 2025-04-12 | 6.5 MEDIUM | N/A |
| uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet. | |||||
| CVE-2014-1383 | 1 Apple | 1 Tvos | 2025-04-12 | 5.5 MEDIUM | N/A |
| Apple TV before 6.1.2 allows remote authenticated users to bypass an intended password requirement for iTunes Store purchase transactions via unspecified vectors. | |||||
| CVE-2015-2126 | 1 Hp | 1 Hp-ux | 2025-04-12 | 7.2 HIGH | N/A |
| Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. | |||||
| CVE-2014-4078 | 1 Microsoft | 1 Internet Information Services | 2025-04-12 | 5.1 MEDIUM | N/A |
| The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability." | |||||
| CVE-2014-2388 | 1 Blackberry | 5 Blackberry Os, Q10, Q5 and 2 more | 2025-04-12 | 6.1 MEDIUM | N/A |
| The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode. | |||||