Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3158 | 1 Picketlink | 1 Picketlink | 2024-02-28 | 4.0 MEDIUM | N/A |
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow. | |||||
CVE-2016-0813 | 1 Google | 1 Android | 2024-02-28 | 6.6 MEDIUM | 6.1 MEDIUM |
packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device provisioning, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25476219. | |||||
CVE-2015-7031 | 1 Apple | 1 Mac Os X Server | 2024-02-28 | 5.0 MEDIUM | N/A |
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. | |||||
CVE-2015-1904 | 1 Ibm | 1 Business Process Manager | 2024-02-28 | 3.5 LOW | N/A |
IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical system account configuration, allows remote authenticated users to bypass intended document-access restrictions via a (1) upload or (2) download action. | |||||
CVE-2016-7381 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a user input to index an array is not bounds checked, leading to denial of service or potential escalation of privileges. | |||||
CVE-2015-7835 | 1 Xen | 1 Xen | 2024-02-28 | 7.2 HIGH | N/A |
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. | |||||
CVE-2016-6406 | 1 Cisco | 1 Email Security Appliance Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, 9.7.2-047, 9.7.2-054, 10.0.0-124, and 10.0.0-125 on Email Security Appliance (ESA) devices, when Enrollment Client before 1.0.2-065 is installed, allows remote attackers to obtain root access via a connection to the testing/debugging interface, aka Bug ID CSCvb26017. | |||||
CVE-2016-2826 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows does not prevent MAR extracted-file modification during updater execution, which might allow local users to gain privileges via a Trojan horse file. | |||||
CVE-2015-5340 | 1 Moodle | 1 Moodle | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php. | |||||
CVE-2016-7570 | 1 Drupal | 1 Drupal | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Drupal 8.x before 8.1.10 does not properly check for "Administer comments" permission, which allows remote authenticated users to set the visibility of comments for arbitrary nodes by leveraging rights to edit those nodes. | |||||
CVE-2015-6623 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | N/A |
Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703. | |||||
CVE-2016-2503 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067. | |||||
CVE-2016-4802 | 1 Haxx | 1 Curl | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. | |||||
CVE-2015-4032 | 1 Visual Mining | 1 Netcharts Server | 2024-02-28 | 10.0 HIGH | N/A |
projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors. | |||||
CVE-2015-5252 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2024-02-28 | 5.0 MEDIUM | 7.2 HIGH |
vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share. | |||||
CVE-2015-8892 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998. | |||||
CVE-2015-6772 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin. | |||||
CVE-2016-0917 | 1 Emc | 13 Vnx1 Oe Firmware, Vnx2 Oe Firmware, Vnx5200 and 10 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to 3.1.5.8711957 and VNXe3100/3150/3300 Operating Environment prior to 2.4.4.22638), VNX1 File OE before 7.1.80.3, VNX2 File OE before 8.1.9.155, and Celerra (all supported versions) does not prevent duplicate NTLM challenge-response nonces, which makes it easier for remote attackers to execute arbitrary code, or read or write to files, via a series of authentication requests, a related issue to CVE-2010-0231. | |||||
CVE-2015-8955 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-02-28 | 6.9 MEDIUM | 7.3 HIGH |
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. | |||||
CVE-2016-1335 | 1 Cisco | 1 Asr 5000 Series Software | 2024-02-28 | 7.1 HIGH | 7.5 HIGH |
The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x before 20.0.M0.62768 on ASR 5000 devices mishandles a multi-user public-key authentication configuration, which allows remote authenticated users to gain privileges by establishing a connection from an endpoint that was previously used for an administrator's connection, aka Bug ID CSCux22492. |