Total: 5467 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8940 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367. | |||||
| CVE-2014-4493 | 1 Apple | 1 Iphone Os | 2025-04-12 | 7.5 HIGH | N/A |
| The app-installation functionality in MobileInstallation in Apple iOS before 8.1.3 allows attackers to obtain control of the local app container by leveraging access to an enterprise distribution certificate for signing a crafted app. | |||||
| CVE-2015-4305 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-12 | 4.0 MEDIUM | N/A |
| The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. | |||||
| CVE-2015-6347 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an unspecified web page. | |||||
| CVE-2015-0554 | 1 Adb | 2 P.dga4001n, P.dga4001n Firmware | 2025-04-12 | 9.4 HIGH | N/A |
| The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. | |||||
| CVE-2011-4406 | 1 Canonical | 2 Accountsservice, Ubuntu Linux | 2025-04-12 | 3.6 LOW | N/A |
| The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does not properly drop privileges when changing language settings, which allows local users to modify arbitrary files via unspecified vectors. | |||||
| CVE-2013-4273 | 1 Entity Api Project | 1 Entity Api | 2025-04-12 | 4.0 MEDIUM | N/A |
| The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE: this identifier was SPLIT per ADT5 due to different researcher organizations. CVE-2013-7391 was assigned for the View vector. | |||||
| CVE-2015-3336 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2025-04-12 | 4.3 MEDIUM | N/A |
| Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL. | |||||
| CVE-2014-4759 | 1 Ibm | 1 Business Process Manager | 2025-04-12 | 4.0 MEDIUM | N/A |
| An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager (BPM) 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results. | |||||
| CVE-2014-4684 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-12 | 6.0 MEDIUM | N/A |
| The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433. | |||||
| CVE-2016-0057 | 1 Microsoft | 1 Office | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka "Microsoft Office Security Feature Bypass Vulnerability." | |||||
| CVE-2014-9782 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349. | |||||
| CVE-2014-3290 | 1 Cisco | 1 Ios Xe | 2025-04-12 | 4.8 MEDIUM | N/A |
| The mDNS implementation in Cisco IOS XE 3.12S does not properly interact with autonomic networking, which allows remote attackers to obtain sensitive networking-services information by sniffing the network or overwrite networking-services data via a crafted mDNS response, aka Bug ID CSCun64867. | |||||
| CVE-2015-3793 | 1 Apple | 1 Iphone Os | 2025-04-12 | 4.3 MEDIUM | N/A |
| CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||||
| CVE-2014-6384 | 1 Juniper | 1 Junos | 2025-04-12 | 6.9 MEDIUM | N/A |
| Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, 12.1X47 before 12.1X47-D15, 12.3 before 12.3R9, 13.1 before 13.1R4-S3, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 does not properly handle double quotes in authorization attributes in the TACACS+ configuration, which allows local users to bypass the security policy and execute commands via unspecified vectors. | |||||
| CVE-2014-8823 | 1 Apple | 1 Mac Os X | 2025-04-12 | 4.7 MEDIUM | N/A |
| The IOUSBControllerUserClient::ReadRegister function in the IOUSB controller in IOUSBFamily in Apple OS X before 10.10.2 allows local users to read data from arbitrary kernel-memory locations by leveraging root access and providing a crafted first argument. | |||||
| CVE-2013-1807 | 1 Php-fusion | 1 Php-fusion | 2025-04-12 | 5.0 MEDIUM | N/A |
| PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administration/db_backups/. | |||||
| CVE-2015-7371 | 1 Revive-adserver | 1 Revive Adserver | 2025-04-12 | 5.0 MEDIUM | N/A |
| Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption) via a direct request. | |||||
| CVE-2015-8222 | 1 Canonical | 1 Ubuntu Linux | 2025-04-12 | 4.6 MEDIUM | N/A |
| The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2015-6296 | 1 Cisco | 1 Prime Network Registrar | 2025-04-12 | 7.2 HIGH | N/A |
| Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID CSCuw21825. | |||||
