Total
5226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7071 | 1 Apple | 1 Mac Os X | 2024-02-28 | 10.0 HIGH | N/A |
| The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname. | |||||
| CVE-2016-7402 | 1 Sybase | 1 Adaptive Server Enterprise | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection. | |||||
| CVE-2015-6620 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | N/A |
| libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127. | |||||
| CVE-2015-3185 | 3 Apache, Apple, Canonical | 5 Http Server, Mac Os X, Mac Os X Server and 2 more | 2024-02-28 | 4.3 MEDIUM | N/A |
| The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging the presence of a module that relies on the 2.2 API behavior. | |||||
| CVE-2016-0096 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095. | |||||
| CVE-2016-2491 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27556408. | |||||
| CVE-2016-0093 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096. | |||||
| CVE-2014-5415 | 1 Beckhoff | 2 Embedded Pc Images, Twincat | 2024-02-28 | 9.4 HIGH | 9.1 CRITICAL |
| Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or (3) TELNET service. | |||||
| CVE-2015-5637 | 1 Newphoria Corporation | 1 1.1 | 2024-02-28 | 6.8 MEDIUM | N/A |
| The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
| CVE-2016-0069 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0068. | |||||
| CVE-2015-6174 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-28 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6171 and CVE-2015-6173. | |||||
| CVE-2015-4535 | 1 Emc | 1 Documentum Content Server | 2024-02-28 | 7.5 HIGH | N/A |
| Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote authenticated users to gain super-user privileges by leveraging the ability to read a log file containing a login ticket. | |||||
| CVE-2016-6651 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before 243; UAA 2.x before 2.7.4.8, 3.x before 3.3.0.6, and 3.4.x before 3.4.5; UAA BOSH before 11.7 and 12.x before 12.6; Elastic Runtime before 1.6.40, 1.7.x before 1.7.21, and 1.8.x before 1.8.2; and Ops Manager 1.7.x before 1.7.13 and 1.8.x before 1.8.1 allows remote authenticated users to gain privileges by leveraging possession of a token. | |||||
| CVE-2015-7063 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.2 HIGH | N/A |
| The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname. | |||||
| CVE-2016-5729 | 1 Lenovo | 1 Bios Efi Driver | 2024-02-28 | 6.8 MEDIUM | 8.2 HIGH |
| Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management Mode (SMM) privileges via unspecified vectors. | |||||
| CVE-2015-4306 | 1 Cisco | 1 Prime Collaboration Assurance | 2024-02-28 | 8.5 HIGH | N/A |
| The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334. | |||||
| CVE-2015-6643 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 6.6 MEDIUM |
| Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. | |||||
| CVE-2015-5735 | 1 Fortinet | 1 Forticlient | 2024-02-28 | 7.2 HIGH | N/A |
| The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to write to arbitrary memory locations via a 0x226108 ioctl call. | |||||
| CVE-2016-4777 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app. | |||||
| CVE-2015-7003 | 1 Apple | 1 Mac Os X | 2024-02-28 | 6.8 MEDIUM | N/A |
| coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app. | |||||