Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-8486 | 1 Cybozu | 1 Office | 2024-02-28 | 5.5 MEDIUM | 5.4 MEDIUM |
Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CVE-2015-8484, CVE-2015-8485, and CVE-2016-1152. | |||||
CVE-2015-8612 | 1 Blueman Project | 1 Blueman | 2024-02-28 | 7.2 HIGH | 8.4 HIGH |
The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument. | |||||
CVE-2016-2504 | 1 Google | 1 Android | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974. | |||||
CVE-2016-1627 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js. | |||||
CVE-2014-9870 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044. | |||||
CVE-2015-6645 | 1 Google | 1 Android | 2024-02-28 | 7.1 HIGH | 5.0 MEDIUM |
SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. | |||||
CVE-2015-5400 | 3 Debian, Fedoraproject, Squid-cache | 3 Debian Linux, Fedora, Squid | 2024-02-28 | 6.8 MEDIUM | N/A |
Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend proxy via a CONNECT request. | |||||
CVE-2015-5635 | 1 Newphoria Corporation | 1 Koritore | 2024-02-28 | 6.8 MEDIUM | N/A |
The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
CVE-2014-6276 | 2 Debian, Roundup-tracker | 2 Debian Linux, Roundup | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details. | |||||
CVE-2016-3169 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array. | |||||
CVE-2015-1688 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 6.8 MEDIUM | N/A |
Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
CVE-2015-4548 | 1 Rsa | 1 Web Threat Detection | 2024-02-28 | 7.2 HIGH | N/A |
EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file. | |||||
CVE-2016-1623 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp. | |||||
CVE-2015-5367 | 1 Hp | 39 Elite X2 1010 G2, Elitebook 1040 G1, Elitebook 1040 G2 and 36 more | 2024-02-28 | 6.9 MEDIUM | N/A |
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors. | |||||
CVE-2016-3871 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022. | |||||
CVE-2016-0380 | 1 Ibm | 1 Sterling Connect\ | 2024-02-28 | 2.1 LOW | 3.3 LOW |
IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations. | |||||
CVE-2016-0148 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, which allows local users to gain privileges via a crafted application, aka ".NET Framework Remote Code Execution Vulnerability." | |||||
CVE-2015-2478 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-28 | 7.2 HIGH | N/A |
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application that triggers a Winsock call referencing an invalid address, aka "Winsock Elevation of Privilege Vulnerability." | |||||
CVE-2015-2871 | 1 Chiyu | 1 Bf-660c | 2024-02-28 | 7.5 HIGH | N/A |
Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different vulnerability than CVE-2015-5618. | |||||
CVE-2016-2817 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.3 MEDIUM | 5.4 MEDIUM |
The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL. |