Total: 5480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6666 | 1 Google | 1 Chrome | 2025-04-12 | 5.8 MEDIUM | N/A |
| The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header. | |||||
| CVE-2012-5498 | 1 Plone | 1 Plone | 2025-04-12 | 5.0 MEDIUM | N/A |
| queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. | |||||
| CVE-2015-1515 | 1 Softsphere | 1 Defensewall Personal Firewall | 2025-04-12 | 7.2 HIGH | N/A |
| The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call. | |||||
| CVE-2016-2288 | 1 Cogentdatahub | 1 Cogent Datahub | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. | |||||
| CVE-2015-1155 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | 4.3 MEDIUM | N/A |
| The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | |||||
| CVE-2016-1196 | 1 Cybozu | 1 Garoon | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. | |||||
| CVE-2012-5560 | 1 Mate-desktop | 1 Mate-settings-daemon | 2025-04-12 | 2.1 LOW | N/A |
| The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call. | |||||
| CVE-2016-2488 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832. | |||||
| CVE-2014-0592 | 2 Crowbar, Novell | 2 Barclamp, Suse Cloud | 2025-04-12 | 7.5 HIGH | N/A |
| Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs. | |||||
| CVE-2015-3085 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk & Compiler and 4 more | 2025-04-12 | 6.4 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083. | |||||
| CVE-2016-2826 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file. | |||||
| CVE-2016-1435 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2025-04-12 | 6.2 MEDIUM | 7.0 HIGH |
| Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | |||||
| CVE-2015-1748 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 6.8 MEDIUM | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1743. | |||||
| CVE-2015-1867 | 2 Clusterlabs, Redhat | 3 Pacemaker, Enterprise Linux High Availability, Enterprise Linux Resilient Storage | 2025-04-12 | 7.5 HIGH | N/A |
| Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. | |||||
| CVE-2014-4495 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 10.0 HIGH | N/A |
| The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions via a crafted app. | |||||
| CVE-2014-2684 | 1 Zend | 2 Zend Framework, Zendopenid | 2025-04-12 | 6.4 MEDIUM | N/A |
| The GenericConsumer class in the Consumer component in ZendOpenId before 2.0.2 and the Zend_OpenId_Consumer class in Zend Framework 1 before 1.12.4 do not verify that the openid_op_endpoint value identifies the same Identity Provider as the provider used in the association handle, which allows remote attackers to bypass authentication and spoof arbitrary OpenID identities by using a malicious OpenID Provider that generates OpenID tokens with arbitrary identifier and claimed_id values. | |||||
| CVE-2015-0768 | 1 Cisco | 1 Prime Network Control System | 2025-04-12 | 6.5 MEDIUM | N/A |
| The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371. | |||||
| CVE-2016-1152 | 1 Cybozu | 1 Office | 2025-04-12 | 5.5 MEDIUM | 5.4 MEDIUM |
| Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions, and read or write to plan data, via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2015-8486. | |||||
| CVE-2015-0605 | 1 Cisco | 2 Asyncos, Email Security Appliance Firmware | 2025-04-12 | 4.3 MEDIUM | N/A |
| The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. | |||||
| CVE-2013-7196 | 1 Phpfox | 1 Phpfox | 2025-04-12 | 5.5 MEDIUM | N/A |
| static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication. | |||||
