Search Results (9594 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3864 1 Google 1 Android 2025-04-12 N/A
The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117.
CVE-2016-1416 1 Cisco 1 Prime Collaboration Provisioning 2025-04-12 N/A
Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) mishandles LDAP authentication, which allows remote attackers to obtain administrator privileges via a crafted login attempt, aka Bug ID CSCuv37513.
CVE-2014-4451 1 Apple 1 Iphone Os 2025-04-12 N/A
Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of guesses.
CVE-2012-5243 1 Bananadance 1 Banana Dance 2025-04-12 N/A
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
CVE-2014-3800 1 Xbmc 1 Xbmc 2025-04-12 N/A
XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.
CVE-2014-3772 1 Teampass 1 Teampass 2025-04-12 N/A
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking the CPM key, as demonstrated by a request to sources/upload/upload.files.php.
CVE-2016-3843 1 Google 1 Android 2025-04-12 N/A
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.
CVE-2016-6362 1 Cisco 1 Aironet Access Point Software 2025-04-12 N/A
Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bug ID CSCuz24725.
CVE-2013-0345 1 Varnish Cache Project 1 Varnish Cache 2025-04-12 N/A
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. NOTE: some of these details are obtained from third party information.
CVE-2014-3771 1 Teampass 1 Teampass 2025-04-12 N/A
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php.
CVE-2016-3842 1 Google 1 Android 2025-04-12 N/A
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.
CVE-2016-8811 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-12 N/A
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000170 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.
CVE-2016-2501 1 Google 1 Android 2025-04-12 N/A
The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and Qualcomm internal bug CR1001092.
CVE-2016-1531 1 Exim 1 Exim 2025-04-12 N/A
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
CVE-2011-5319 1 Google 1 Chrome 2025-04-12 N/A
content/renderer/device_sensors/device_motion_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate accelerometer data, which makes it easier for remote attackers to capture keystrokes via a crafted web site that listens for ondevicemotion events, a different vulnerability than CVE-2015-1231.
CVE-2014-3674 1 Redhat 1 Openshift 2025-04-12 N/A
Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors.
CVE-2015-3256 3 Opensuse, Polkit Project, Redhat 3 Opensuse, Polkit, Enterprise Linux 2025-04-12 N/A
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
CVE-2014-9466 1 Open-xchange 1 Open-xchange Appsuite 2025-04-12 N/A
Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before 7.6.0-rev36, and 7.6.1 before 7.6.1-rev14 does not properly handle directory permissions, which allows remote authenticated users to read files via unspecified vectors, related to the "folder identifier."
CVE-2016-6369 1 Cisco 1 Anyconnect Secure Mobility Client 2025-04-12 N/A
Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464.
CVE-2014-3617 1 Moodle 1 Moodle 2025-04-12 N/A
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, and discover an author's username, by leveraging the student role and visiting a Q&A forum.