Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5560 | 1 Mate-desktop | 1 Mate-settings-daemon | 2025-04-12 | N/A |
| The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call. | ||||
| CVE-2016-0380 | 1 Ibm | 1 Sterling Connect\ | 2025-04-12 | 3.3 Low |
| IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and 4.2.0 before 4.2.0.4 iFix003 uses default file permissions of 0664, which allows local users to obtain sensitive information via standard filesystem operations. | ||||
| CVE-2015-0075 | 1 Microsoft | 4 Windows 2003 Server, Windows 7, Windows Server 2008 and 1 more | 2025-04-12 | N/A |
| The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Impersonation Level Check Elevation of Privilege Vulnerability." | ||||
| CVE-2016-0806 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453. | ||||
| CVE-2015-0098 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2025-04-12 | N/A |
| Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of Privilege Vulnerability." | ||||
| CVE-2016-0805 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204. | ||||
| CVE-2015-0054 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2016-0819 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. | ||||
| CVE-2016-0822 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. | ||||
| CVE-2016-0847 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to spoof the originating telephone number of a call via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26864502. | ||||
| CVE-2016-6536 | 1 Aver | 2 Eh6108h\+, Eh6108h\+ Firmware | 2025-04-12 | N/A |
| The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value. | ||||
| CVE-2012-5696 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2025-04-12 | N/A |
| Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a direct request. | ||||
| CVE-2012-5697 | 1 Bulbsecurity | 1 Smartphone Pentest Framework | 2025-04-12 | N/A |
| The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files. | ||||
| CVE-2016-0911 | 1 Dell | 1 Emc Data Domain Os | 2025-04-12 | N/A |
| EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges. | ||||
| CVE-2015-0055 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2015-0142 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | N/A |
| IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function. | ||||
| CVE-2015-0237 | 1 Redhat | 2 Enterprise Virtualization Manager, Rhev Manager | 2025-04-12 | N/A |
| Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain. | ||||
| CVE-2015-0767 | 1 Cisco | 2 Edge 340, Edge 340 Firmware | 2025-04-12 | N/A |
| Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132. | ||||
| CVE-2015-1515 | 1 Softsphere | 1 Defensewall Personal Firewall | 2025-04-12 | N/A |
| The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call. | ||||
| CVE-2015-3273 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization. | ||||