Total
5480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1593 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 5.0 MEDIUM | N/A |
| The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. | |||||
| CVE-2015-0750 | 1 Cisco | 1 Hosted Collaboration Solution | 2025-04-12 | 6.5 MEDIUM | N/A |
| The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786. | |||||
| CVE-2015-4303 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | 6.5 MEDIUM | N/A |
| Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. | |||||
| CVE-2014-4976 | 1 Sonicwall | 1 Scrutinizer | 2025-04-12 | 5.5 MEDIUM | N/A |
| Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi. | |||||
| CVE-2015-5640 | 1 Basercms | 1 Basercms | 2025-04-12 | 6.5 MEDIUM | N/A |
| baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. | |||||
| CVE-2014-0630 | 1 Emc | 1 Documentum Taskspace | 2025-04-12 | 4.0 MEDIUM | N/A |
| EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL. | |||||
| CVE-2015-7685 | 1 Glpi-project | 1 Glpi | 2025-04-12 | 4.0 MEDIUM | N/A |
| GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. | |||||
| CVE-2016-0809 | 1 Google | 1 Android | 2025-04-12 | 8.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in the wifi_cleanup function in bcmdhd/wifi_hal/wifi_hal.cpp in Wi-Fi in Android 6.x before 2016-02-01 allows attackers to gain privileges by leveraging access to the local physical environment during execution of a crafted application, aka internal bug 25753768. | |||||
| CVE-2016-6449 | 1 Cisco | 1 Fireamp Connector Endpoint Software | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes could cause a denial of service (DoS) condition, and certain security features could no longer be available. More Information: CSCvb40597. Known Affected Releases: 1. | |||||
| CVE-2014-0483 | 2 Djangoproject, Opensuse | 2 Django, Opensuse | 2025-04-12 | 3.5 LOW | N/A |
| The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field parameter in a popup action to an admin change form page, as demonstrated by a /admin/auth/user/?pop=1&t=password URI. | |||||
| CVE-2014-0061 | 1 Postgresql | 1 Postgresql | 2025-04-12 | 6.5 MEDIUM | N/A |
| The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions. | |||||
| CVE-2014-3333 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 9.0 HIGH | N/A |
| The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote authenticated users to obtain privileged access by conducting an "HTTP Intercept" attack and leveraging the ability to read files within the context of the web-server user account, aka Bug ID CSCup41014. | |||||
| CVE-2015-2550 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability." | |||||
| CVE-2014-3006 | 1 Sitepark | 1 Information Enterprise Server | 2025-04-12 | 6.8 MEDIUM | N/A |
| Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when upgraded from an earlier version, does not properly restrict access, which allows remote attackers to change the manager account password and obtain sensitive information via a request to install/. | |||||
| CVE-2015-0717 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.9 MEDIUM | N/A |
| Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. | |||||
| CVE-2016-7215 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||
| CVE-2016-6729 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684. | |||||
| CVE-2015-7071 | 1 Apple | 1 Mac Os X | 2025-04-12 | 10.0 HIGH | N/A |
| The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname. | |||||
| CVE-2016-2988 | 1 Ibm | 1 Tivoli Storage Manager For Virtual Environments | 2025-04-12 | 4.6 MEDIUM | 8.5 HIGH |
| IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins. | |||||
| CVE-2015-4351 | 1 Web-dorado | 1 Web-dorado Spider Video Player | 2025-04-12 | 4.9 MEDIUM | N/A |
| The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL. | |||||