Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5021 | 1 Ibm | 1 Infosphere Information Server | 2025-04-12 | N/A |
| IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-3555 | 2 Openstack, Redhat | 2 Neutron, Openstack | 2025-04-12 | N/A |
| OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a large number of allowed address pairs. | ||||
| CVE-2014-4354 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. | ||||
| CVE-2014-4076 | 1 Microsoft | 1 Windows Server 2003 | 2025-04-12 | N/A |
| Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability." | ||||
| CVE-2015-2348 | 4 Apple, Opensuse, Php and 1 more | 11 Mac Os X, Opensuse, Php and 8 more | 2025-04-12 | N/A |
| The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243. | ||||
| CVE-2015-5264 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role. | ||||
| CVE-2015-5272 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants." | ||||
| CVE-2015-5281 | 1 Redhat | 1 Enterprise Linux | 2025-04-12 | N/A |
| The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu. | ||||
| CVE-2015-5304 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-04-12 | N/A |
| Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. | ||||
| CVE-2016-9120 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.8 High |
| Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by calling ION_IOC_FREE on two CPUs at the same time. | ||||
| CVE-2016-2489 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407629. | ||||
| CVE-2015-5496 | 1 Pass2pdf Project | 1 Pass2pdf | 2025-04-12 | N/A |
| The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. | ||||
| CVE-2015-5499 | 1 Navigate Project | 1 Navigate | 2025-04-12 | N/A |
| The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission. | ||||
| CVE-2016-3774 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 29008609 and MediaTek internal bug ALPS02703102. | ||||
| CVE-2014-5337 | 2 Wordpress Mobile Pack Project, Wpmobilepack | 2 Wordpress Mobile Pack, Wordpress Mobile Pack | 2025-04-12 | N/A |
| The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exportarticles action to export/content.php. | ||||
| CVE-2016-9192 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | N/A |
| A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to the Microsoft Windows operating system SYSTEM account. More Information: CSCvb68043. Known Affected Releases: 4.3(2039) 4.3(748). Known Fixed Releases: 4.3(4019) 4.4(225). | ||||
| CVE-2015-5635 | 1 Newphoria Corporation | 1 Koritore | 2025-04-12 | N/A |
| The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2016-1990 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2025-04-12 | N/A |
| HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors. | ||||
| CVE-2014-4062 | 1 Microsoft | 1 .net Framework | 2025-04-12 | N/A |
| Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 does not properly implement the ASLR protection mechanism, which allows remote attackers to obtain sensitive address information via a crafted web site, aka ".NET ASLR Vulnerability." | ||||
| CVE-2016-10116 | 1 Netgear | 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more | 2025-04-12 | N/A |
| NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack. | ||||