Total
5476 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8373 | 1 Vmware | 1 Vcloud Automation Center | 2025-04-12 | N/A |
| The VMware Remote Console (VMRC) function in VMware vCloud Automation Center (vCAC) 6.0.1 through 6.1.1 allows remote authenticated users to gain privileges via vectors involving the "Connect (by) Using VMRC" function. | ||||
| CVE-2016-1629 | 5 Debian, Google, Novell and 2 more | 6 Debian Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 3 more | 2025-04-12 | N/A |
| Google Chrome before 48.0.2564.116 allows remote attackers to bypass the Blink Same Origin Policy and a sandbox protection mechanism via unspecified vectors. | ||||
| CVE-2015-5268 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value. | ||||
| CVE-2015-4287 | 1 Cisco | 1 Firepower Extensible Operating System | 2025-04-12 | N/A |
| Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230. | ||||
| CVE-2015-8222 | 1 Canonical | 1 Ubuntu Linux | 2025-04-12 | N/A |
| The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2016-5499 | 1 Oracle | 1 Database Server | 2025-04-12 | N/A |
| Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498. | ||||
| CVE-2015-4231 | 1 Cisco | 3 Nexus 7000, Nexus 7700, Nx-os | 2025-04-12 | N/A |
| The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416. | ||||
| CVE-2015-4303 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | N/A |
| Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parameter, aka Bug ID CSCuv12333. | ||||
| CVE-2014-1424 | 2 Canonical, Ubuntu | 2 Ubuntu, Apparmor | 2025-04-12 | N/A |
| apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw." | ||||
| CVE-2014-1885 | 2 Adobe, Hsgroup | 2 Phonegap, Forzearmate | 2025-04-12 | N/A |
| The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain. | ||||
| CVE-2014-9873 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860. | ||||
| CVE-2014-1883 | 1 Adobe | 1 Phonegap | 2025-04-12 | N/A |
| Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application. | ||||
| CVE-2014-1882 | 2 Adobe, Apache | 2 Phonegap, Cordova | 2025-04-12 | N/A |
| Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls. | ||||
| CVE-2015-4219 | 1 Cisco | 2 Identity Services Engine Software, Secure Access Control System | 2025-04-12 | N/A |
| Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331. | ||||
| CVE-2014-7999 | 1 Cisco | 6 Meraki Mr, Meraki Mr Firmware, Meraki Ms and 3 more | 2025-04-12 | N/A |
| Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 allow remote authenticated users to install arbitrary firmware by leveraging unspecified HTTP handler access on the local network, aka Cisco-Meraki defect ID 00478565. | ||||
| CVE-2014-8015 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | N/A |
| The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400. | ||||
| CVE-2015-8941 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473. | ||||
| CVE-2014-8131 | 1 Redhat | 1 Libvirt | 2025-04-12 | N/A |
| The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated users to cause a denial of service (deadlock or segmentation fault and crash) via a request to access the users does not have privileges to access. | ||||
| CVE-2014-9141 | 1 Thomsonreuters | 1 Fixed Assets Cs | 2025-04-12 | N/A |
| The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program. | ||||
| CVE-2013-5460 | 1 Ibm | 2 Maximo Asset Management, Smartcloud Control Desk | 2025-04-12 | N/A |
| IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and read communication logs associated with unrelated records, via unspecified vectors. | ||||