Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-2450 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27569635. | |||||
CVE-2016-3868 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875. | |||||
CVE-2016-3188 | 1 Prepopulate Project | 1 Prepopulate | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently have unspecified impact, via unspecified vectors. | |||||
CVE-2014-9868 | 1 Google | 1 Android | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976. | |||||
CVE-2016-0176 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
dxgkrnl.sys in the DirectX Graphics kernel subsystem in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." | |||||
CVE-2016-2855 | 1 Huawei | 1 Mobile Broadband Hl Service | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier uses a weak ACL for the MobileBrServ program data directory, which allows local users to gain SYSTEM privileges by modifying VERSION.dll. | |||||
CVE-2016-0943 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X mishandle the Global object, which allows attackers to bypass JavaScript API execution restrictions via unspecified vectors. | |||||
CVE-2016-4157 | 1 Adobe | 1 Creative Cloud | 2024-02-28 | 6.9 MEDIUM | 7.3 HIGH |
Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an unspecified directory. | |||||
CVE-2015-7227 | 1 Fieldable Panels Panes Project | 1 Fieldable Panels Panes | 2024-02-28 | 3.5 LOW | N/A |
The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels. | |||||
CVE-2015-8578 | 1 Avg | 1 Internet Security | 2024-02-28 | 6.4 MEDIUM | N/A |
AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. | |||||
CVE-2015-8570 | 1 Lepide | 1 Active Directory Self Service | 2024-02-28 | 7.4 HIGH | N/A |
The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. | |||||
CVE-2015-5784 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.3 HIGH | N/A |
runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2016-1631 | 1 Google | 1 Chrome | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The PPB_Flash_MessageLoop_Impl::InternalRun function in content/renderer/pepper/ppb_flash_message_loop_impl.cc in the Pepper plugin in Google Chrome before 49.0.2623.75 mishandles nested message loops, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
CVE-2016-0846 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 8.4 HIGH |
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992. | |||||
CVE-2015-8942 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246. | |||||
CVE-2015-7051 | 1 Apple | 2 Iphone Os, Tvos | 2024-02-28 | 9.3 HIGH | N/A |
MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2015-3772 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.2 HIGH | N/A |
IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771. | |||||
CVE-2016-3870 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804. | |||||
CVE-2015-6170 | 1 Microsoft | 1 Edge | 2024-02-28 | 6.8 MEDIUM | N/A |
Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability." | |||||
CVE-2016-0826 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403. |