Search Results (9589 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1627 4 Debian, Google, Opensuse and 1 more 4 Debian Linux, Chrome, Opensuse and 1 more 2025-04-12 N/A
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.
CVE-2016-1712 1 Paloaltonetworks 1 Pan-os 2025-04-12 N/A
Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper sanitization of the root_reboot local invocation.
CVE-2016-1742 1 Apple 1 Itunes 2025-04-12 N/A
Untrusted search path vulnerability in the installer in Apple iTunes before 12.4 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
CVE-2016-2456 1 Google 2 Android, Android One 2025-04-12 N/A
The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187.
CVE-2016-2434 1 Google 2 Android, Nexus 9 2025-04-12 N/A
The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090.
CVE-2016-2444 1 Google 2 Android, Nexus 9 2025-04-12 N/A
The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332.
CVE-2016-2445 1 Google 2 Android, Nexus 9 2025-04-12 N/A
The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079.
CVE-2016-2446 1 Google 2 Android, Nexus 9 2025-04-12 N/A
The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354.
CVE-2016-3213 1 Microsoft 8 Internet Explorer, Windows 10, Windows 7 and 5 more 2025-04-12 N/A
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability."
CVE-2016-3808 1 Google 1 Android 2025-04-12 N/A
The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.
CVE-2016-4777 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 N/A
The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (invalid pointer dereference) via a crafted app.
CVE-2014-0858 1 Ibm 1 Content Navigator 2025-04-12 N/A
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL.
CVE-2014-1881 2 Adobe, Apache 2 Phonegap, Cordova 2025-04-12 N/A
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and waits a certain amount of time for an OnJsPrompt handler return value as an alternative to correct synchronization.
CVE-2014-1886 2 Adobe, Edinburghtour 2 Phonegap, Edinburgh By Bus 2025-04-12 N/A
The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."
CVE-2015-1236 4 Canonical, Debian, Google and 1 more 4 Ubuntu Linux, Debian Linux, Chrome and 1 more 2025-04-12 N/A
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
CVE-2015-2525 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2025-04-12 N/A
Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass intended filesystem restrictions and delete arbitrary files via unspecified vectors, aka "Windows Task File Deletion Elevation of Privilege Vulnerability."
CVE-2014-2859 1 Paperthin 1 Commonspot Content Server 2025-04-12 N/A
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request.
CVE-2015-1703 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1704.
CVE-2015-1844 2 Redhat, Theforeman 3 Satellite, Satellite Capsule, Foreman 2025-04-12 N/A
Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API.
CVE-2015-3003 1 Juniper 1 Junos 2025-04-12 N/A
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments.