Total
5483 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-8000 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2025-04-12 | N/A |
| Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497. | ||||
| CVE-2014-8015 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-12 | N/A |
| The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400. | ||||
| CVE-2013-7330 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Jenkins before 1.502 allows remote authenticated users to configure an otherwise restricted project via vectors related to post-build actions. | ||||
| CVE-2011-5290 | 1 Idrive Inc | 1 Idrive Online Backup | 2025-04-12 | N/A |
| The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control in UniBasic100_EDA1811C.ocx in IDrive Online Backup 3.4.0 allows remote attackers to write to arbitrary files via a pathname in the first argument. | ||||
| CVE-2015-6348 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | N/A |
| The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read report or status information, by visiting an unspecified web page. | ||||
| CVE-2015-6383 | 1 Cisco | 1 Ios Xe | 2025-04-12 | N/A |
| Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter crafted filenames, aka Bug ID CSCuv93130. | ||||
| CVE-2015-6520 | 1 Ippusbxd Project | 1 Ippusbxd | 2025-04-12 | N/A |
| IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request. | ||||
| CVE-2015-6596 | 1 Google | 1 Android | 2025-04-12 | N/A |
| mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717. | ||||
| CVE-2015-6620 | 1 Google | 1 Android | 2025-04-12 | N/A |
| libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127. | ||||
| CVE-2015-6621 | 1 Google | 1 Android | 2025-04-12 | N/A |
| SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438. | ||||
| CVE-2014-4368 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The Accessibility subsystem in Apple iOS before 8 allows attackers to interfere with screen locking via vectors related to AssistiveTouch events. | ||||
| CVE-2011-5289 | 1 Diego Uscanga | 1 Atube Catcher | 2025-04-12 | N/A |
| The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument. | ||||
| CVE-2014-4354 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session. | ||||
| CVE-2014-1649 | 1 Symantec | 1 Workspace Streaming | 2025-04-12 | N/A |
| The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS. | ||||
| CVE-2011-5275 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | N/A |
| The install script in Domain Technologie Control (DTC) before 0.34.1 gives sudo permissions for chrootuid to the dtc user, which makes it easier for context-dependent users to gain privileges. | ||||
| CVE-2014-0344 | 1 Zohocorp | 1 Manageengine Opstor | 2025-04-12 | N/A |
| Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter. | ||||
| CVE-2014-4423 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| The Accounts subsystem in Apple iOS before 8 allows attackers to bypass a sandbox protection mechanism and obtain an active iCloud account's Apple ID and metadata via a crafted application. | ||||
| CVE-2015-7063 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname. | ||||
| CVE-2015-0002 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability." | ||||
| CVE-2013-2027 | 2 Jython Project, Opensuse | 2 Jython, Opensuse | 2025-04-12 | N/A |
| Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. | ||||