Total
5246 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7454 | 1 Ibm | 2 Business Process Manager, Websphere Process Server | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. | |||||
| CVE-2015-5989 | 1 Zyxel | 1 Gs1900-10hp Firmware | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. | |||||
| CVE-2014-6350 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6349. | |||||
| CVE-2015-0518 | 1 Emc | 1 Documentum D2 | 2025-04-12 | 9.0 HIGH | N/A |
| The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions. | |||||
| CVE-2013-6731 | 1 Ibm | 1 Netezza Performance Portal | 2025-04-12 | 4.0 MEDIUM | N/A |
| IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request. | |||||
| CVE-2016-1235 | 2 Debian, Oar Project | 2 Debian Linux, Oar | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| The oarsh script in OAR before 2.5.7 allows remote authenticated users of a cluster to obtain sensitive information and possibly gain privileges via vectors related to OpenSSH options. | |||||
| CVE-2014-6256 | 1 Zenoss | 1 Zenoss Core | 2025-04-12 | 7.5 HIGH | N/A |
| Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386. | |||||
| CVE-2013-4198 | 1 Plone | 1 Plone | 2025-04-12 | 4.0 MEDIUM | N/A |
| mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality. | |||||
| CVE-2014-8802 | 1 Genetechsolutions | 1 Pie Register | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action. | |||||
| CVE-2015-7840 | 1 Solarwinds | 1 Log And Event Manager | 2025-04-12 | 7.5 HIGH | N/A |
| The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature. | |||||
| CVE-2016-1337 | 1 Cisco | 2 Epc3928, Epc3928 Firmware | 2025-04-12 | 4.3 MEDIUM | 8.1 HIGH |
| Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178. | |||||
| CVE-2016-3871 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022. | |||||
| CVE-2015-7323 | 1 Juniper | 1 Pulse Connect Secure | 2025-04-12 | 3.5 LOW | N/A |
| The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar. | |||||
| CVE-2016-1751 | 1 Apple | 3 Iphone Os, Tvos, Watchos | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS before 2.2 does not properly restrict the execute permission, which allows attackers to bypass a code-signing protection mechanism via a crafted app. | |||||
| CVE-2014-3160 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 6.8 MEDIUM | N/A |
| The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. | |||||
| CVE-2014-8442 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 7.5 HIGH | N/A |
| Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions. | |||||
| CVE-2014-9026 | 1 Ubercart | 1 Ubercart | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors. | |||||
| CVE-2014-0116 | 1 Apache | 1 Struts | 2025-04-12 | 5.8 MEDIUM | N/A |
| CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. | |||||
| CVE-2016-2417 | 1 Google | 1 Android | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474. | |||||
| CVE-2015-2550 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability." | |||||