Total
5480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1341 | 1 Cisco | 1 Nx-os | 2025-04-12 | 6.9 MEDIUM | 9.8 CRITICAL |
| Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079. | |||||
| CVE-2014-4446 | 1 Apple | 1 Os X Server | 2025-04-12 | 2.1 LOW | N/A |
| Mail Service in Apple OS X Server before 4.0 does not enforce SACL changes until after a service restart, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a change made by an administrator. | |||||
| CVE-2014-8904 | 1 Ibm | 2 Aix, Vios | 2025-04-12 | 7.2 HIGH | N/A |
| lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value. | |||||
| CVE-2013-2604 | 1 Realnetworks | 1 Realarcade Installer | 2025-04-12 | 7.2 HIGH | N/A |
| RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game Installer) 2.6.0.481 and 3.0.7 uses weak permissions (Create Files/Write Data) for the GameHouse Games directory tree, which allows local users to gain privileges via a Trojan horse DLL in an individual game's directory, as demonstrated by DDRAW.DLL in the Zuma Deluxe directory. | |||||
| CVE-2016-4157 | 1 Adobe | 1 Creative Cloud | 2025-04-12 | 6.9 MEDIUM | 7.3 HIGH |
| Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory. | |||||
| CVE-2014-3576 | 2 Apache, Oracle | 3 Activemq, Business Intelligence Publisher, Fusion Middleware | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. | |||||
| CVE-2016-7572 | 1 Drupal | 1 Drupal | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| The system.temporary route in Drupal 8.x before 8.1.10 does not properly check for "Export configuration" permission, which allows remote authenticated users to bypass intended access restrictions and read a full config export via unspecified vectors. | |||||
| CVE-2013-6796 | 1 Deeproot Linux | 1 Deepofix | 2025-04-12 | 5.0 MEDIUM | N/A |
| The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind. | |||||
| CVE-2015-4322 | 1 Cisco | 1 Content Security Management Appliance | 2025-04-12 | 5.5 MEDIUM | N/A |
| Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894. | |||||
| CVE-2014-0545 | 5 Adobe, Apple, Google and 2 more | 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on Windows and OS X and before 11.2.202.400 on Linux, Adobe AIR before 14.0.0.178 on Windows and OS X and before 14.0.0.179 on Android, Adobe AIR SDK before 14.0.0.178, and Adobe AIR SDK & Compiler before 14.0.0.178 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, and CVE-2014-0544. | |||||
| CVE-2015-6395 | 1 Cisco | 1 Prime Service Catalog | 2025-04-12 | 6.5 MEDIUM | N/A |
| Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. | |||||
| CVE-2016-1629 | 4 Debian, Google, Novell and 1 more | 5 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 2 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
| Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. | |||||
| CVE-2016-6470 | 1 Cisco | 1 Hybrid Media Service | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Known Affected Releases: 1.0. | |||||
| CVE-2016-5143 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144. | |||||
| CVE-2015-3029 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-12 | 4.0 MEDIUM | N/A |
| The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-3632 | 1 Openmediavault | 1 Openmediavault | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. | |||||
| CVE-2013-3981 | 1 Ibm | 1 Sametime | 2025-04-12 | 5.0 MEDIUM | N/A |
| The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to download avatar photos of arbitrary users via unspecified vectors. | |||||
| CVE-2015-0803 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
| The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via a crafted HTML document. | |||||
| CVE-2015-8754 | 1 Acquia | 1 Mollom | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote attackers to bypass intended access restrictions and modify the mollom blacklist via unspecified vectors. | |||||
| CVE-2015-3185 | 3 Apache, Apple, Canonical | 5 Http Server, Mac Os X, Mac Os X Server and 2 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. | |||||