Total
5484 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0068 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0069. | ||||
| CVE-2013-4193 | 1 Plone | 1 Plone | 2025-04-12 | N/A |
| typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL. | ||||
| CVE-2014-9642 | 1 Bullguard | 4 Bdagent.sys, Internet Security, Online Backup and 1 more | 2025-04-12 | N/A |
| bdagent.sys in BullGuard Antivirus, Internet Security, Premium Protection, and Online Backup before 15.0.288 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x0022405c IOCTL call. | ||||
| CVE-2016-2445 | 1 Google | 2 Android, Nexus 9 | 2025-04-12 | N/A |
| The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079. | ||||
| CVE-2016-3348 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| CVE-2015-5509 | 1 Administration Views Project | 1 Administration Views | 2025-04-12 | N/A |
| The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, when used with other unspecified modules, does not properly grant access to administration pages, which allows remote administrators to bypass intended restrictions via unspecified vectors. | ||||
| CVE-2014-9646 | 1 Google | 1 Chrome | 2025-04-12 | N/A |
| Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205. | ||||
| CVE-2016-2450 | 1 Google | 1 Android | 2025-04-12 | N/A |
| codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27569635. | ||||
| CVE-2014-3416 | 1 Jasig | 1 Uportal | 2025-04-12 | N/A |
| uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet. | ||||
| CVE-2015-5645 | 1 Icz | 1 Matchasns | 2025-04-12 | N/A |
| ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. | ||||
| CVE-2015-5787 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app. | ||||
| CVE-2015-5849 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection. | ||||
| CVE-2015-5897 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | ||||
| CVE-2015-5945 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters. | ||||
| CVE-2015-3631 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2025-04-12 | N/A |
| Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. | ||||
| CVE-2016-2452 | 1 Google | 1 Android | 2025-04-12 | N/A |
| codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 27662364 and 27843673. | ||||
| CVE-2015-6034 | 1 Epson | 1 Network Utility | 2025-04-12 | N/A |
| EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. | ||||
| CVE-2015-6044 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 8 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2014-0875 | 1 Ibm | 2 Storwize Unified V7000, Storwize Unified V7000 Software | 2025-04-12 | N/A |
| Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 through 1.4.3.x allows remote attackers to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions. | ||||
| CVE-2014-3431 | 2 Apple, Symantec | 3 Mac Os X, Encryption Desktop, Pgp Desktop | 2025-04-12 | N/A |
| Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x before 10.3.2 MP2, on OS X uses world-writable permissions for temporary files, which allows local users to bypass intended restrictions on file reading, modification, creation, and permission changes via unspecified vectors. | ||||