Total: 5480 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5217 | 1 Ipsilon Project | 1 Ipsilon | 2025-04-12 | 4.0 MEDIUM | N/A |
| providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name. | |||||
| CVE-2015-0773 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | 5.5 MEDIUM | N/A |
| Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078. | |||||
| CVE-2015-0160 | 1 Ibm | 1 Security Siteprotector System | 2025-04-12 | 9.0 HIGH | N/A |
| IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors. | |||||
| CVE-2015-6755 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
| The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | |||||
| CVE-2015-5496 | 1 Pass2pdf Project | 1 Pass2pdf | 2025-04-12 | 5.0 MEDIUM | N/A |
| The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. | |||||
| CVE-2014-8175 | 1 Redhat | 1 Jboss Fuse | 2025-04-12 | 6.0 MEDIUM | N/A |
| Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file. | |||||
| CVE-2014-4786 | 1 Ibm | 1 Initiate Master Data Service | 2025-04-12 | 4.9 MEDIUM | N/A |
| IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks, and bypass intended access restrictions or obtain sensitive information, via a crafted web site, related to a "frame injection" issue. | |||||
| CVE-2014-3963 | 1 Owncloud | 1 Owncloud | 2025-04-12 | 4.0 MEDIUM | N/A |
| ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors. | |||||
| CVE-2014-1764 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 10.0 HIGH | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014. | |||||
| CVE-2014-8643 | 3 Microsoft, Mozilla, Opensuse | 3 Windows, Firefox, Opensuse | 2025-04-12 | 7.1 HIGH | N/A |
| Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process. | |||||
| CVE-2015-3028 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-12 | 5.5 MEDIUM | N/A |
| McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. | |||||
| CVE-2015-3849 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | N/A |
| The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to a service, aka internal bug 21585255. | |||||
| CVE-2014-7822 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.2 HIGH | N/A |
| The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. | |||||
| CVE-2016-3219 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | 6.9 MEDIUM | 7.8 HIGH |
| The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||
| CVE-2014-4078 | 1 Microsoft | 1 Internet Information Services | 2025-04-12 | 5.1 MEDIUM | N/A |
| The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability." | |||||
| CVE-2015-4305 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-12 | 4.0 MEDIUM | N/A |
| The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. | |||||
| CVE-2014-3617 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A |
| The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum. | |||||
| CVE-2016-2246 | 1 Hp | 1 Thinpro | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspecified vectors. | |||||
| CVE-2016-7188 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability." | |||||
| CVE-2016-2856 | 3 Canonical, Debian, Gnu | 3 Ubuntu Linux, Debian Linux, Glibc | 2025-04-12 | 7.2 HIGH | 8.4 HIGH |
| pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; the eglibc package before 2.15-0ubuntu10.14 on Ubuntu 12.04 LTS and before 2.19-0ubuntu6.8 on Ubuntu 14.04 LTS; and the glibc package before 2.21-0ubuntu4.2 on Ubuntu 15.10 and before 2.23-0ubuntu1 on Ubuntu 16.04 LTS and 16.10 lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the --enable-pt_chown option. | |||||
