Total
5222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4440 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the APICv on/off state, which allows guest OS users to obtain direct APIC MSR access on the host OS, and consequently cause a denial of service (host OS crash) or possibly execute arbitrary code on the host OS, via x2APIC mode. | |||||
| CVE-2014-9789 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425. | |||||
| CVE-2015-0750 | 1 Cisco | 1 Hosted Collaboration Solution | 2024-02-28 | 6.5 MEDIUM | N/A |
| The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786. | |||||
| CVE-2015-2694 | 1 Mit | 1 Kerberos 5 | 2024-02-28 | 5.8 MEDIUM | N/A |
| The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. | |||||
| CVE-2015-5286 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2024-02-28 | 6.8 MEDIUM | N/A |
| OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623. | |||||
| CVE-2016-8501 | 1 Yandex | 1 Yandex Browser | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled. | |||||
| CVE-2015-0160 | 1 Ibm | 1 Security Siteprotector System | 2024-02-28 | 9.0 HIGH | N/A |
| IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecified vectors. | |||||
| CVE-2014-9749 | 2 Opensuse, Squid-cache | 2 Opensuse, Squid | 2024-02-28 | 4.0 MEDIUM | N/A |
| Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability." | |||||
| CVE-2015-6171 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-02-28 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6173 and CVE-2015-6174. | |||||
| CVE-2015-7052 | 1 Apple | 1 Mac Os X | 2024-02-28 | 7.2 HIGH | N/A |
| kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-3806 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341. | |||||
| CVE-2015-1713 | 1 Microsoft | 1 Internet Explorer | 2024-02-28 | 6.8 MEDIUM | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
| CVE-2015-2479 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 9.3 HIGH | N/A |
| The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2480 and CVE-2015-2481. | |||||
| CVE-2015-6607 | 2 Google, Sqlite | 2 Android, Sqlite | 2024-02-28 | 6.8 MEDIUM | N/A |
| SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. | |||||
| CVE-2016-1322 | 1 Cisco | 1 Spark | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The REST interface in Cisco Spark 2015-07-04 allows remote attackers to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584. | |||||
| CVE-2015-5961 | 1 Mozilla | 1 Firefox Os | 2024-02-28 | 3.3 LOW | N/A |
| The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server. | |||||
| CVE-2016-7093 | 1 Xen | 1 Xen | 2024-02-28 | 7.2 HIGH | 8.2 HIGH |
| Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to overwrite hypervisor memory and consequently gain host OS privileges by leveraging mishandling of instruction pointer truncation during emulation. | |||||
| CVE-2015-6362 | 1 Cisco | 1 Connected Grid Network Management System | 2024-02-28 | 4.0 MEDIUM | N/A |
| The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by leveraging the Monitor-Only role, aka Bug ID CSCuw42640. | |||||
| CVE-2015-6030 | 2 Hp, Microfocus | 7 Arcsight Command Center, Arcsight Connector Appliance, Arcsight Connectors and 4 more | 2024-02-28 | 7.2 HIGH | N/A |
| HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, and ArcSight Connector Appliance 6.4.0.6881.3 use the root account to execute files owned by the arcsight user, which might allow local users to gain privileges by leveraging arcsight account access. | |||||
| CVE-2015-4182 | 1 Cisco | 1 Identity Services Engine Software | 2024-02-28 | 5.5 MEDIUM | N/A |
| The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or change settings, via unspecified vectors, aka Bug ID CSCui72087. | |||||