Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-4389 | 1 Open Graph Importer Project | 1 Open Graph Importer | 2024-02-28 | 4.0 MEDIUM | N/A |
The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the "import og_tag_importer" permission. | |||||
CVE-2015-5324 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-02-28 | 5.0 MEDIUM | N/A |
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api. | |||||
CVE-2016-3270 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 10.0 HIGH | 7.8 HIGH |
The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||
CVE-2016-3355 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "GDI Elevation of Privilege Vulnerability." | |||||
CVE-2015-1806 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-02-28 | 6.5 MEDIUM | N/A |
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors. | |||||
CVE-2016-0807 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 8.4 HIGH |
The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application that mishandles a Desc Size element in an ELF Note, aka internal bug 25187394. | |||||
CVE-2015-6034 | 1 Epson | 1 Network Utility | 2024-02-28 | 6.9 MEDIUM | N/A |
EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file. | |||||
CVE-2016-1324 | 1 Cisco | 1 Spark | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The REST interface in Cisco Spark 2015-06 allows remote attackers to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125. | |||||
CVE-2016-3396 | 1 Microsoft | 12 Live Meeting, Lync, Office and 9 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "GDI+ Remote Code Execution Vulnerability." | |||||
CVE-2015-2507 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-28 | 7.2 HIGH | N/A |
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2512. | |||||
CVE-2016-0820 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. | |||||
CVE-2016-3922 | 1 Google | 1 Android | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka internal bug 30202619. | |||||
CVE-2015-2027 | 1 Ibm | 1 Websphere Extreme Scale | 2024-02-28 | 2.1 LOW | N/A |
IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
CVE-2015-6335 | 1 Cisco | 1 Firesight System Software | 2024-02-28 | 9.0 HIGH | N/A |
The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839. | |||||
CVE-2016-1264 | 1 Juniper | 1 Junos | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Race condition in the Op command in Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R11, 12.3X48 before 12.3X48-D20, 12.3X50 before 12.3X50-D50, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D39, 13.2X52 before 13.2X52-D30, 13.3 before 13.3R7, 14.1 before 14.1R6, 14.1X53 before 14.1X53-D30, 14.2 before 14.2R4, 15.1 before 15.1F2 or 15.1R2, 15.1X49 before 15.1X49-D10 or 15.1X49-D20, and 16.1 before 16.1R1 allows remote authenticated users to gain privileges via the URL option. | |||||
CVE-2016-3844 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517. | |||||
CVE-2016-0832 | 1 Google | 1 Android | 2024-02-28 | 6.6 MEDIUM | 6.1 MEDIUM |
Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042. | |||||
CVE-2015-0717 | 1 Cisco | 1 Unified Communications Manager | 2024-02-28 | 6.9 MEDIUM | N/A |
Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. | |||||
CVE-2016-0143 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0165 and CVE-2016-0167. | |||||
CVE-2015-3631 | 1 Docker | 1 Docker | 2024-02-28 | 3.6 LOW | N/A |
Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. |