Total
2289 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8550 | 2 Novell, Xen | 2 Suse Linux Enterprise Real Time Extension, Xen | 2017-11-04 | 5.7 MEDIUM | 8.2 HIGH |
| Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. | |||||
| CVE-2015-3407 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2017-11-04 | 5.0 MEDIUM | N/A |
| Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. | |||||
| CVE-2016-6255 | 2 Debian, Libupnp Project | 2 Debian Linux, Libupnp | 2017-11-03 | 5.0 MEDIUM | 7.5 HIGH |
| Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler. | |||||
| CVE-2012-4379 | 1 Mediawiki | 1 Mediawiki | 2017-10-31 | 4.3 MEDIUM | 6.5 MEDIUM |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in an IFRAME element. | |||||
| CVE-2012-4380 | 1 Mediawiki | 1 Mediawiki | 2017-10-31 | 5.0 MEDIUM | 7.5 HIGH |
| MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors. | |||||
| CVE-2010-2232 | 1 Apache | 1 Derby | 2017-10-27 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file. | |||||
| CVE-2014-9148 | 1 Fiyo | 1 Fiyo Cms | 2017-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur. | |||||
| CVE-2016-6789 | 1 Linux | 1 Linux Kernel | 2017-10-19 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA libomx library (libnvomx) could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: Kernel-3.18. Android ID: A-31251973. References: N-CVE-2016-6789. | |||||
| CVE-2016-6777 | 1 Linux | 1 Linux Kernel | 2017-10-19 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31910462. References: N-CVE-2016-6777. | |||||
| CVE-2016-6776 | 1 Linux | 1 Linux Kernel | 2017-10-19 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31680980. References: N-CVE-2016-6776. | |||||
| CVE-2016-6775 | 1 Linux | 1 Linux Kernel | 2017-10-19 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-31222873. References: N-CVE-2016-6775. | |||||
| CVE-2016-1315 | 1 Cisco | 1 Email Security Appliance Firmeware | 2017-10-13 | 5.0 MEDIUM | 7.5 HIGH |
| The proxy engine in Cisco Advanced Malware Protection (AMP), when used with Email Security Appliance (ESA) 9.5.0-201, 9.6.0-051, and 9.7.0-125, allows remote attackers to bypass intended content restrictions via a malformed e-mail message containing an encoded file, aka Bug ID CSCux45338. | |||||
| CVE-2015-1336 | 3 Canonical, Debian, Man-db Project | 3 Ubuntu Linux, Debian Linux, Man-db | 2017-10-11 | 7.2 HIGH | 7.8 HIGH |
| The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local users with access to the man account to gain privileges via vectors involving insecure chown use. | |||||
| CVE-2015-7315 | 1 Plone | 1 Plone | 2017-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new member to a Plone site with registration enabled, without acknowledgment of site administrator. | |||||
| CVE-2015-0110 | 1 Ibm | 2 Business Process Manager, Websphere Application Server | 2017-09-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. | |||||
| CVE-2015-5116 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2017-09-22 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-3125. | |||||
| CVE-2015-3691 | 1 Apple | 1 Mac Os X | 2017-09-22 | 9.3 HIGH | N/A |
| The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer. | |||||
| CVE-2015-3675 | 1 Apple | 1 Mac Os X | 2017-09-22 | 5.0 MEDIUM | N/A |
| The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. | |||||
| CVE-2015-3672 | 1 Apple | 1 Mac Os X | 2017-09-22 | 7.2 HIGH | N/A |
| Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors. | |||||
| CVE-2015-3671 | 1 Apple | 1 Mac Os X | 2017-09-22 | 7.2 HIGH | N/A |
| Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | |||||