Total: 5467 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2011-4089 | 1 Bzip | 1 Bzip2 | 2025-04-12 | 4.6 MEDIUM | N/A | The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory. |
| CVE-2014-0127 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.9 MEDIUM | N/A | The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time. |
| CVE-2015-3028 | 1 Mcafee | 1 Advanced Threat Defense | 2025-04-12 | 5.5 MEDIUM | N/A | McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. |
| CVE-2016-3769 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH | The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28376656. |
| CVE-2014-6185 | 1 Ibm | 1 Tivoli Storage Manager | 2025-04-12 | 7.2 HIGH | N/A | dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users to gain privileges via a crafted DSO file. |
| CVE-2016-3250 | 1 Microsoft | 2 Windows 10, Windows Server 2012 | 2025-04-12 | 7.2 HIGH | 7.3 HIGH | The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." |
| CVE-2016-1963 | 1 Mozilla | 1 Firefox | 2025-04-12 | 4.4 MEDIUM | 7.4 HIGH | The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. |
| CVE-2016-5572 | 1 Oracle | 1 Database | 2025-04-12 | 4.4 MEDIUM | 6.4 MEDIUM | Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. |
| CVE-2015-2271 | 1 Moodle | 1 Moodle | 2025-04-12 | 4.0 MEDIUM | N/A | tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as inappropriate" feature. |
| CVE-2016-2408 | 2 Microsoft, Pulsesecure | 5 Windows, Odyssey Access Client, Pulse Secure Desktop and 2 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH | Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors. |
| CVE-2014-1217 | 1 Livetecs | 1 Timeline | 2025-04-12 | 7.5 HIGH | N/A | Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors. |
| CVE-2014-1933 | 2 Python, Pythonware | 2 Pillow, Python Imaging Library | 2025-04-12 | 2.1 LOW | N/A | The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes. |
| CVE-2015-5019 | 1 Ibm | 2 Sterling B2b Integrator, Sterling Integrator | 2025-04-12 | 5.5 MEDIUM | N/A | IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement. |
| CVE-2016-3989 | 1 Meinberg | 12 Ims-lantime M1000, Ims-lantime M3000, Ims-lantime M500 and 9 more | 2025-04-12 | 8.5 HIGH | 8.1 HIGH | The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account. |
| CVE-2014-4122 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 4.3 MEDIUM | N/A | Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging the predictability of an executable image's location, aka ".NET ASLR Vulnerability." |
| CVE-2014-4073 | 1 Microsoft | 1 .net Framework | 2025-04-12 | 10.0 HIGH | N/A | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce Elevation of Privilege Vulnerability." |
| CVE-2014-0240 | 1 Modwsgi | 1 Mod Wsgi | 2025-04-12 | 6.2 MEDIUM | N/A | The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes. |
| CVE-2015-1593 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 5.0 MEDIUM | N/A | The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. |
| CVE-2016-2171 | 1 Apache | 1 Jetspeed | 2025-04-12 | 6.4 MEDIUM | 7.5 HIGH | The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API. |
| CVE-2014-6141 | 1 Ibm | 1 Tivoli Monitoring | 2025-04-12 | 8.5 HIGH | N/A | IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, 6.2.3 through FP05, and 6.3.0 before FP04 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging Take Action view authority to modify in-progress commands. |
