Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1631 | 1 Google | 1 Chrome | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
| The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2014-3204 | 2 Ayatana Project, Canonical | 2 Unity, Ubuntu Linux | 2025-04-12 | 4.4 MEDIUM | N/A |
| Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demonstrated by right-clicking on the indicator bar and then pressing the ALT and F2 keys. | |||||
| CVE-2016-6651 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token. | |||||
| CVE-2013-7066 | 1 Entity Reference Project | 1 Entityreference | 2025-04-12 | 4.3 MEDIUM | N/A |
| The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node. | |||||
| CVE-2015-0197 | 1 Ibm | 1 General Parallel File System | 2025-04-12 | 7.2 HIGH | N/A |
| IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to obtain root privileges for program execution via unspecified vectors. | |||||
| CVE-2015-0760 | 1 Cisco | 1 Adaptive Security Appliance Software | 2025-04-12 | 4.0 MEDIUM | N/A |
| The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. | |||||
| CVE-2016-9644 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels. | |||||
| CVE-2015-1856 | 2 Canonical, Openstack | 2 Ubuntu Linux, Swift | 2025-04-12 | 5.5 MEDIUM | N/A |
| OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. | |||||
| CVE-2016-7222 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privilege Vulnerability." | |||||
| CVE-2016-2410 | 1 Google | 1 Android | 2025-04-12 | 6.9 MEDIUM | 7.4 HIGH |
| A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 26291677. | |||||
| CVE-2016-1416 | 1 Cisco | 1 Prime Collaboration Provisioning | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513. | |||||
| CVE-2016-3887 | 1 Google | 1 Android | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712. | |||||
| CVE-2016-2430 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows attackers to gain privileges via an application containing a crafted symbol name, aka internal bug 27299236. | |||||
| CVE-2015-4219 | 1 Cisco | 2 Identity Services Engine Software, Secure Access Control System | 2025-04-12 | 4.0 MEDIUM | N/A |
| Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331. | |||||
| CVE-2015-0001 | 1 Microsoft | 5 Windows 8, Windows 8.1, Windows Rt and 2 more | 2025-04-12 | 1.9 LOW | N/A |
| The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka "Windows Error Reporting Security Feature Bypass Vulnerability." | |||||
| CVE-2016-3849 | 1 Google | 1 Android | 2025-04-12 | 6.9 MEDIUM | 7.8 HIGH |
| The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740. | |||||
| CVE-2013-7374 | 1 Canonical | 1 Ubuntu Linux | 2025-04-12 | 4.6 MEDIUM | N/A |
| The Ubuntu Date and Time Indicator (aka indicator-datetime) 13.10.0+13.10.x before 13.10.0+13.10.20131023.2-0ubuntu1.1 does not properly restrict access to Evolution, which allows local users to bypass the greeter screen restrictions by clicking the date. | |||||
| CVE-2011-5290 | 1 Idrive Inc | 1 Idrive Online Backup | 2025-04-12 | 6.4 MEDIUM | N/A |
| The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control in UniBasic100_EDA1811C.ocx in IDrive Online Backup 3.4.0 allows remote attackers to write to arbitrary files via a pathname in the first argument. | |||||
| CVE-2016-2501 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and Qualcomm internal bug CR1001092. | |||||
| CVE-2016-1773 | 1 Apple | 1 Mac Os X | 2025-04-12 | 2.1 LOW | 3.3 LOW |
| The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. | |||||