Total: 5222 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7468 | 1 Ibm | 1 Jazz Reporting Service | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on administrator tasks via unspecified vectors. | |||||
CVE-2015-8753 | 1 Sap | 1 Afaria | 2024-02-28 | 9.4 HIGH | 9.1 CRITICAL |
SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. | |||||
CVE-2015-5629 | 1 Ntt-bp | 1 Japan Connected-free Wi-fi | 2024-02-28 | 6.8 MEDIUM | N/A |
The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
CVE-2016-3846 | 1 Google | 1 Android | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378. | |||||
CVE-2015-6785 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains. | |||||
CVE-2015-7766 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-02-28 | 9.0 HIGH | N/A |
PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as demonstrated by "INSERT/**/INTO." | |||||
CVE-2015-3793 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | N/A |
CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||||
CVE-2016-3220 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability." | |||||
CVE-2016-0707 | 1 Apache | 1 Ambari | 2024-02-28 | 2.1 LOW | 3.3 LOW |
The agent in Apache Ambari before 2.1.2 uses weak permissions for the (1) /var/lib/ambari-agent/data and (2) /var/lib/ambari-agent/keys directories, which allows local users to obtain sensitive information by reading files in the directories. | |||||
CVE-2015-5253 | 1 Apache | 1 Cxf | 2024-02-28 | 4.0 MEDIUM | N/A |
The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote authenticated users to bypass authentication via a crafted SAML response with a valid signed assertion, related to a "wrapping attack." | |||||
CVE-2014-9885 | 1 Google | 1 Android | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261. | |||||
CVE-2015-2366 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2024-02-28 | 7.2 HIGH | N/A |
win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||
CVE-2015-5640 | 1 Basercms | 1 Basercms | 2024-02-28 | 6.5 MEDIUM | N/A |
baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request. | |||||
CVE-2016-1435 | 1 Cisco | 2 Ip Phone 8800, Ip Phone 8800 Series Firmware | 2024-02-28 | 6.2 MEDIUM | 7.0 HIGH |
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | |||||
CVE-2016-3793 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026625. | |||||
CVE-2015-5043 | 1 Ibm | 1 Security Guardium | 2024-02-28 | 7.2 HIGH | N/A |
diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, 9.5, and 10.0 before p6015 allows local users to obtain root access via unspecified key sequences. | |||||
CVE-2015-5636 | 1 Newphoria Corporation | 1 Reversi | 2024-02-28 | 6.8 MEDIUM | N/A |
The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
CVE-2015-0546 | 1 Emc | 1 Unified Infrastructure Manager/provisioning | 2024-02-28 | 10.0 HIGH | N/A |
EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name. | |||||
CVE-2016-2446 | 1 Google | 2 Android, Nexus 9 | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354. | |||||
CVE-2016-6193 | 1 Huawei | 1 P8 Smartphone Firmware | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192. |