ReportizFlow
Filtered by vendor
Subscriptions
Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1608 | 1 Topline Systems | 1 Opportunity Form | 2025-04-12 | N/A |
| Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors. | ||||
| CVE-2015-5496 | 1 Pass2pdf Project | 1 Pass2pdf | 2025-04-12 | N/A |
| The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. | ||||
| CVE-2016-2817 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted extension that accesses a (1) javascript: or (2) data: URL. | ||||
| CVE-2014-2068 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump. | ||||
| CVE-2016-6193 | 1 Huawei | 1 P8 Smartphone Firmware | 2025-04-12 | N/A |
| Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6192. | ||||
| CVE-2015-1867 | 2 Clusterlabs, Redhat | 4 Pacemaker, Enterprise Linux, Enterprise Linux High Availability and 1 more | 2025-04-12 | N/A |
| Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. | ||||
| CVE-2014-9575 | 1 Vdgsecurity | 1 Vdg Sense | 2025-04-12 | N/A |
| VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in the Authorization HTTP header. | ||||
| CVE-2014-0816 | 1 Norman | 1 Security Suite | 2025-04-12 | N/A |
| Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors. | ||||
| CVE-2015-5515 | 1 Views Bulk Operations Project | 1 Views Bulk Operations | 2025-04-12 | N/A |
| The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled. | ||||
| CVE-2015-3459 | 1 Hospira | 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware | 2025-04-12 | N/A |
| The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands. | ||||
| CVE-2016-7086 | 2 Microsoft, Vmware | 3 Windows, Workstation Player, Workstation Pro | 2025-04-12 | N/A |
| The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory. | ||||
| CVE-2015-3801 | 1 Apple | 2 Iphone Os, Safari | 2025-04-12 | N/A |
| The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. | ||||
| CVE-2016-5821 | 1 Huawei | 1 Hisuite | 2025-04-12 | N/A |
| Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain SYSTEM privileges via a Trojan horse (1) SspiCli.dll or (2) USERENV.dll file or possibly other unspecified DLL files. | ||||
| CVE-2016-7089 | 1 Watchguard | 1 Rapidstream | 2025-04-12 | N/A |
| WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN. | ||||
| CVE-2015-6170 | 1 Microsoft | 1 Edge | 2025-04-12 | N/A |
| Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability." | ||||
| CVE-2015-8612 | 1 Blueman Project | 1 Blueman | 2025-04-12 | N/A |
| The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument. | ||||
| CVE-2015-5671 | 1 Techno Project Japan | 1 Enisys Gw | 2025-04-12 | N/A |
| Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. | ||||
| CVE-2016-0048 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | ||||
| CVE-2016-7092 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The get_page_from_l3e function in arch/x86/mm.c in Xen allows local 32-bit PV guest OS administrators to gain host OS privileges via vectors related to L3 recursive pagetables. | ||||
| CVE-2014-4427 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| App Sandbox in Apple OS X before 10.10 allows attackers to bypass a sandbox protection mechanism via the accessibility API. | ||||