ReportizFlow
Filtered by vendor
Subscriptions
Total
5490 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2449 | 1 Google | 1 Android | 2025-04-12 | N/A |
| services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27568958. | ||||
| CVE-2016-5020 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2025-04-12 | N/A |
| F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of users with the Resource Administration role and gain privilege via a crafted external Extended Application Verification (EAV) monitor script. | ||||
| CVE-2016-5253 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link. | ||||
| CVE-2015-6333 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2025-04-12 | N/A |
| Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. | ||||
| CVE-2016-4638 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." | ||||
| CVE-2014-0187 | 4 Canonical, Openstack, Opensuse and 1 more | 4 Ubuntu Linux, Neutron, Opensuse and 1 more | 2025-04-12 | N/A |
| The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied. | ||||
| CVE-2016-4652 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. | ||||
| CVE-2015-6322 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-04-12 | N/A |
| The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563. | ||||
| CVE-2016-4573 | 1 Fortinet | 22 Fortiswitch, Fsw-1024d, Fsw-1048d and 19 more | 2025-04-12 | N/A |
| Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, FSW-224D-POE, FSW-224D-FPOE, FSW-248D-POE, FSW-248D-FPOE, FSW-424D, FSW-424D-POE, FSW-424D-FPOE, FSW-448D, FSW-448D-POE, FSW-448D-FPOE, FSW-524D, FSW-524D-FPOE, FSW-548D, FSW-548D-FPOE, FSW-1024D, FSW-1048D, FSW-3032D, and FSW-R-112D-POE models, when in FortiLink managed mode and upgraded to 3.4.1, might allow remote attackers to bypass authentication and gain administrative access via an empty password for the rest_admin account. | ||||
| CVE-2016-4654 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||||
| CVE-2015-6306 | 3 Apple, Cisco, Linux | 3 Mac Os X, Anyconnect Secure Mobility Client, Linux Kernel | 2025-04-12 | N/A |
| Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation file, aka Bug ID CSCuv11947. | ||||
| CVE-2016-2462 | 1 Google | 1 Android | 2025-04-12 | N/A |
| OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 mishandles updates of the Additional Authenticated Data (AAD) array, which allows attackers to spoof message authentication via unspecified vectors, aka internal bug 27371173. | ||||
| CVE-2014-0165 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote authenticated users to publish posts by leveraging the Contributor role, related to wp-admin/includes/post.php and wp-admin/includes/class-wp-posts-list-table.php. | ||||
| CVE-2014-0123 | 1 Moodle | 1 Moodle | 2025-04-12 | N/A |
| The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student. | ||||
| CVE-2014-7922 | 1 Google | 1 Play Services Sdk | 2025-04-12 | N/A |
| The GoogleAuthUtil.getToken method in the Google Play services SDK before 2015 sets parameters in OAuth token requests upon finding a corresponding _opt_ parameter in the Bundle extras argument, which allows attackers to bypass an intended consent dialog and retrieve tokens for arbitrary OAuth scopes including the SID and LSID scopes, and consequently obtain access to a Google account, via a crafted application, as demonstrated by setting the has_permission=1 parameter value upon finding _opt_has_permission in that argument. | ||||
| CVE-2014-3396 | 1 Cisco | 8 Asr 9000 Rsp440 Router, Asr 9001, Asr 9006 and 5 more | 2025-04-12 | N/A |
| Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133. | ||||
| CVE-2016-2494 | 1 Google | 1 Android | 2025-04-12 | N/A |
| Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658. | ||||
| CVE-2016-4565 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2025-04-12 | 7.8 High |
| The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface. | ||||
| CVE-2016-4716 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-7919 | 1 Searchblox | 1 Searchblox | 2025-04-12 | N/A |
| SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. | ||||