Total
5247 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3876 | 1 Google | 1 Android | 2025-04-12 | 7.2 HIGH | 6.8 MEDIUM |
| providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345. | |||||
| CVE-2016-3847 | 1 Google | 1 Android | 2025-04-12 | 6.9 MEDIUM | 7.8 HIGH |
| The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433. | |||||
| CVE-2016-3864 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117. | |||||
| CVE-2014-9304 | 1 Plex | 1 Media Server | 2025-04-12 | 7.5 HIGH | N/A |
| Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server. | |||||
| CVE-2015-7062 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 4.6 MEDIUM | N/A |
| Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors. | |||||
| CVE-2014-1884 | 3 Adobe, Apache, Microsoft | 3 Phonegap, Cordova, Windows Phone | 2025-04-12 | 7.5 HIGH | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. | |||||
| CVE-2014-2520 | 1 Emc | 1 Documentum Content Server | 2025-04-12 | 6.3 MEDIUM | N/A |
| EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request. | |||||
| CVE-2015-5264 | 1 Moodle | 1 Moodle | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role. | |||||
| CVE-2011-4406 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2025-04-12 | 3.6 LOW | N/A |
| The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. | |||||
| CVE-2015-7809 | 1 Symfony | 1 Twig | 2025-04-12 | 6.8 MEDIUM | N/A |
| The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. | |||||
| CVE-2014-2905 | 1 Fishshell | 1 Fish | 2025-04-12 | 6.9 MEDIUM | N/A |
| fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the credentials, which allows local users to gain privileges via the universal variable socket, related to /tmp/fishd.socket.user permissions. | |||||
| CVE-2014-2119 | 1 Cisco | 3 Content Security Management Appliance, Email Security Appliance Firmware, Ironport Asyncos | 2025-04-12 | 8.5 HIGH | N/A |
| The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118. | |||||
| CVE-2014-0877 | 1 Ibm | 1 Cognos Tm1 | 2025-04-12 | 5.0 MEDIUM | N/A |
| IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows remote attackers to bypass intended access restrictions by visiting the Rights page and then following a generated link. | |||||
| CVE-2013-6775 | 2 Chainfire, Google | 2 Supersu, Android | 2025-04-12 | 10.0 HIGH | N/A |
| The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su. | |||||
| CVE-2016-3188 | 1 Prepopulate Project | 1 Prepopulate | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently have unspecified impact, via unspecified vectors. | |||||
| CVE-2016-7216 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2025-04-12 | 2.1 LOW | 5.5 MEDIUM |
| The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | |||||
| CVE-2013-7221 | 1 Gnome | 1 Gnome-shell | 2025-04-12 | 4.6 MEDIUM | N/A |
| The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation. | |||||
| CVE-2016-6430 | 1 Cisco | 1 Ip Interoperability And Collaboration System | 2025-04-12 | 6.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated with their session. More Information: CSCva38636. Known Affected Releases: 4.10(1). Known Fixed Releases: 5.0(1). | |||||
| CVE-2014-8114 | 1 Redhat | 1 Uberfire | 2025-04-12 | 6.8 MEDIUM | N/A |
| The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary files via vectors involving FileDownloadServlet. | |||||
| CVE-2015-7662 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2025-04-12 | 7.8 HIGH | N/A |
| Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow remote attackers to bypass intended access restrictions and write to files via unspecified vectors. | |||||