Total: 5480 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2371 | 1 Microsoft | 9 Windows 2003 Server, Windows 7, Windows 8 and 6 more | 2025-04-12 | 6.9 MEDIUM | N/A |
| The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a custom action script associated with a .msi package, aka "Windows Installer EoP Vulnerability." | |||||
| CVE-2015-3761 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
| The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-3065 | 1 Postgresql | 1 Postgresql | 2025-04-12 | 8.5 HIGH | 9.1 CRITICAL |
| The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page. | |||||
| CVE-2014-1809 | 1 Microsoft | 1 Office | 2025-04-12 | 6.8 MEDIUM | N/A |
| The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1 makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, as exploited in the wild in May 2014, aka "MSCOMCTL ASLR Vulnerability." | |||||
| CVE-2015-1806 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 6.5 MEDIUM | N/A |
| The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors. | |||||
| CVE-2016-2440 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896. | |||||
| CVE-2016-3346 | 1 Microsoft | 1 Windows 10 | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce permissions, which allows local users to obtain Administrator access via a crafted DLL, aka "Windows Permissions Enforcement Elevation of Privilege Vulnerability." | |||||
| CVE-2016-3804 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410. | |||||
| CVE-2014-1977 | 2 Google, Nttdocomo | 2 Android, Spmode Mail Android | 2025-04-12 | 4.3 MEDIUM | N/A |
| The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application. | |||||
| CVE-2014-5457 | 1 Qnap | 8 Ss-839, Ss-839 Firmware, Ts-459u and 5 more | 2025-04-12 | 2.1 LOW | N/A |
| QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed passwords by reading the password. | |||||
| CVE-2016-4381 | 1 Hp | 1 Xp7 Command View | 2025-04-12 | 4.4 MEDIUM | 4.5 MEDIUM |
| HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication Manager (RepMgr) and Device Manager (DevMgr) are enabled, allows local users to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2015-6859 | 1 Hp | 54 J8692a, J8693a, J8697a and 51 more | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
| HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860. | |||||
| CVE-2016-0822 | 1 Google | 1 Android | 2025-04-12 | 7.6 HIGH | 7.0 HIGH |
| The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. | |||||
| CVE-2015-8890 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461. | |||||
| CVE-2013-7347 | 1 Redhat | 2 Conga, Enterprise Linux | 2025-04-12 | 3.7 LOW | N/A |
| Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user and password in a cookie. | |||||
| CVE-2014-9800 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478. | |||||
| CVE-2014-8612 | 1 Freebsd | 1 Freebsd | 2025-04-12 | 4.6 MEDIUM | N/A |
| Multiple array index errors in the Stream Control Transmission Protocol (SCTP) module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allow local users to (1) gain privileges via the stream id to the setsockopt function, when setting the SCTIP_SS_VALUE option, or (2) read arbitrary kernel memory via the stream id to the getsockopt function, when getting the SCTP_SS_PRIORITY option. | |||||
| CVE-2015-5323 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | 6.5 MEDIUM | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user. | |||||
| CVE-2015-2126 | 1 Hp | 1 Hp-ux | 2025-04-12 | 7.2 HIGH | N/A |
| Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows local users to gain privileges by leveraging setuid permissions. | |||||
| CVE-2015-6654 | 1 Xen | 1 Xen | 2025-04-12 | 2.1 LOW | N/A |
| The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a foreign page, which allows remote domains to cause a denial of service by leveraging permissions to map the memory of a foreign guest. | |||||
