Total
5483 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9780 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222. | ||||
| CVE-2015-0214 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request. | ||||
| CVE-2016-3793 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026625. | ||||
| CVE-2014-0119 | 2 Apache, Redhat | 10 Tomcat, Enterprise Linux, Jboss Bpms and 7 more | 2025-04-12 | N/A |
| Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application. | ||||
| CVE-2015-1489 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | ||||
| CVE-2014-9024 | 1 Protected Pages Project | 1 Protected Pages | 2025-04-12 | N/A |
| The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path. | ||||
| CVE-2016-5020 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2025-04-12 | N/A |
| F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script. | ||||
| CVE-2014-9026 | 1 Ubercart | 1 Ubercart | 2025-04-12 | N/A |
| The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-2366 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| CVE-2014-4140 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | ||||
| CVE-2014-0484 | 1 Canonical | 1 Acpi-support | 2025-04-12 | N/A |
| The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment." | ||||
| CVE-2015-5637 | 1 Newphoria Corporation | 1 1.1 | 2025-04-12 | N/A |
| The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | ||||
| CVE-2015-5645 | 1 Icz | 1 Matchasns | 2025-04-12 | N/A |
| ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. | ||||
| CVE-2014-4157 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem. | ||||
| CVE-2015-8570 | 1 Lepide | 1 Active Directory Self Service | 2025-04-12 | N/A |
| The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. | ||||
| CVE-2014-1504 | 4 Mozilla, Opensuse, Oracle and 1 more | 7 Firefox, Seamonkey, Opensuse and 4 more | 2025-04-12 | N/A |
| The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart. | ||||
| CVE-2014-9633 | 1 Comodo | 1 Backup | 2025-04-12 | N/A |
| The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote attackers to gain privileges via a crafted device handle, which triggers a NULL pointer dereference. | ||||
| CVE-2015-5770 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app. | ||||
| CVE-2015-6018 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2025-04-12 | N/A |
| The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | ||||
| CVE-2014-9002 | 1 Lantronix | 1 Xprintserver | 2025-04-12 | N/A |
| Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action. | ||||