Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2071 | 1 Citrix | 3 Netscaler, Netscaler Application Delivery Controller, Netscaler Gateway | 2025-04-12 | N/A |
| Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, and 10.5.e before Build 59.1305.e allows remote attackers to gain privileges via unspecified NS Web GUI commands. | ||||
| CVE-2016-2077 | 2 Microsoft, Vmware | 3 Windows, Player, Workstation | 2025-04-12 | N/A |
| VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before 7.1.3 on Windows incorrectly access an executable file, which allows host OS users to gain host OS privileges via unspecified vectors. | ||||
| CVE-2015-0767 | 1 Cisco | 2 Edge 340, Edge 340 Firmware | 2025-04-12 | N/A |
| Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132. | ||||
| CVE-2012-6110 | 1 Bcron Project | 1 Bcron Exec | 2025-04-12 | N/A |
| bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor. | ||||
| CVE-2016-2288 | 1 Cogentdatahub | 1 Cogent Datahub | 2025-04-12 | N/A |
| Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. | ||||
| CVE-2016-2352 | 1 Accellion | 1 File Transfer Appliance | 2025-04-12 | N/A |
| The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role. | ||||
| CVE-2016-6536 | 1 Aver | 2 Eh6108h\+, Eh6108h\+ Firmware | 2025-04-12 | N/A |
| The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value. | ||||
| CVE-2012-6146 | 1 Typo3 | 1 Typo3 | 2025-04-12 | N/A |
| The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL. | ||||
| CVE-2015-0773 | 1 Cisco | 1 Firesight System Software | 2025-04-12 | N/A |
| Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078. | ||||
| CVE-2016-2488 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832. | ||||
| CVE-2015-0816 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js. | ||||
| CVE-2015-1029 | 1 Puppet | 2 Puppet Enterprise, Stdlib | 2025-04-12 | N/A |
| The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by prepopulating the fact cache. | ||||
| CVE-2015-1489 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | N/A |
| The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | ||||
| CVE-2015-2480 | 1 Microsoft | 1 .net Framework | 2025-04-12 | N/A |
| The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2481. | ||||
| CVE-2015-3858 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a crafted application, aka internal bug 22314646. | ||||
| CVE-2015-0662 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | N/A |
| Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385. | ||||
| CVE-2016-2968 | 1 Ibm | 1 Security Qradar Incident Forensics | 2025-04-12 | N/A |
| IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unspecified vectors. | ||||
| CVE-2012-6648 | 2 Canonical, Gdm-guest-session Project | 2 Ubuntu Linux, Gdm-guest-session | 2025-04-12 | N/A |
| gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as used in Ubuntu Linux 10.04 LTS, 10.10, and 11.04, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT from CVE-2012-0943 per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-0943 is used for the guest-account issue. | ||||
| CVE-2014-4076 | 1 Microsoft | 1 Windows Server 2003 | 2025-04-12 | N/A |
| Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability." | ||||
| CVE-2015-0682 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. | ||||