Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1282 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers to bypass intended configuration-profile visibility requirements via a long name. | ||||
| CVE-2016-3239 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via vectors involving filesystem write operations, aka "Windows Print Spooler Elevation of Privilege Vulnerability." | ||||
| CVE-2016-2876 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue. | ||||
| CVE-2014-1314 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application. | ||||
| CVE-2016-5249 | 1 Lenovo | 1 Solution Center | 2025-04-12 | N/A |
| Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalSystem privileges via vectors involving the LSC.Services.SystemService StartProxy command with a named pipe created in advance and crafted .NET assembly. | ||||
| CVE-2016-3249 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3252, CVE-2016-3254, and CVE-2016-3286. | ||||
| CVE-2014-1352 | 1 Apple | 1 Iphone Os | 2025-04-12 | N/A |
| Lock Screen in Apple iOS before 7.1.2 does not properly enforce the limit on failed passcode attempts, which makes it easier for physically proximate attackers to conduct brute-force passcode-guessing attacks via unspecified vectors. | ||||
| CVE-2016-5266 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site. | ||||
| CVE-2016-3252 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3249, CVE-2016-3254, and CVE-2016-3286. | ||||
| CVE-2016-7391 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-12 | N/A |
| For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100010b where a missing array bounds check can allow a user to write to kernel memory, leading to denial of service or potential escalation of privileges. | ||||
| CVE-2016-3258 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2025-04-12 | N/A |
| Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass." | ||||
| CVE-2014-3674 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
| Red Hat OpenShift Enterprise before 2.2 does not properly restrict access to gears, which allows remote attackers to access the network resources of arbitrary gears via unspecified vectors. | ||||
| CVE-2016-7253 | 1 Microsoft | 1 Sql Server | 2025-04-12 | N/A |
| The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability." | ||||
| CVE-2016-7254 | 1 Microsoft | 1 Sql Server | 2025-04-12 | N/A |
| Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability." | ||||
| CVE-2014-3771 | 1 Teampass | 1 Teampass | 2025-04-12 | N/A |
| TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php. | ||||
| CVE-2014-3790 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-12 | N/A |
| Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail. | ||||
| CVE-2014-3811 | 1 Juniper | 2 Juniper Installer Service Client, Junos Pulse Client | 2025-04-12 | N/A |
| Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2014-3848 | 1 Imember360 | 1 Imember360 | 2025-04-12 | N/A |
| The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter. | ||||
| CVE-2016-8811 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2025-04-12 | N/A |
| For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000170 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. | ||||
| CVE-2016-4834 | 1 Vtiger | 1 Vtiger Crm | 2025-04-12 | N/A |
| modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. | ||||