Export limit exceeded: 367078 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9606 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3917 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka internal bug 30744668. | ||||
| CVE-2014-1314 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application. | ||||
| CVE-2016-3921 | 1 Google | 1 Android | 2025-04-12 | N/A |
| libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647. | ||||
| CVE-2014-1375 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Intel Graphics Driver in Apple OS X before 10.9.4 allows local users to bypass the ASLR protection mechanism by leveraging read access to a kernel pointer in an IOKit object. | ||||
| CVE-2016-3928 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384. | ||||
| CVE-2016-3930 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138. | ||||
| CVE-2016-3931 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR 1036418. | ||||
| CVE-2016-3939 | 1 Google | 1 Android | 2025-04-12 | N/A |
| drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224. | ||||
| CVE-2016-3940 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 6P and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 30141991. | ||||
| CVE-2014-1424 | 2 Canonical, Ubuntu | 2 Ubuntu, Apparmor | 2025-04-12 | N/A |
| apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw." | ||||
| CVE-2014-3083 | 1 Ibm | 1 Websphere Application Server | 2025-04-12 | N/A |
| IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.3 does not properly restrict resource access, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2014-4749 | 1 Ibm | 1 Powervc | 2025-04-12 | N/A |
| IBM PowerVC 1.2.0 before FixPack3 does not properly use the known_hosts file, which allows man-in-the-middle attackers to spoof SSH servers via an arbitrary server key. | ||||
| CVE-2016-0051 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability." | ||||
| CVE-2014-7189 | 1 Golang | 1 Go | 2025-04-12 | N/A |
| crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors. | ||||
| CVE-2014-7986 | 1 Espocrm | 1 Espocrm | 2025-04-12 | N/A |
| install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter. | ||||
| CVE-2015-1293 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||||
| CVE-2015-1292 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. | ||||
| CVE-2015-1867 | 2 Clusterlabs, Redhat | 4 Pacemaker, Enterprise Linux, Enterprise Linux High Availability and 1 more | 2025-04-12 | N/A |
| Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. | ||||
| CVE-2015-1946 | 1 Ibm | 2 Websphere Application Server, Websphere Virtual Enterprise | 2025-04-12 | N/A |
| IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user roles, which allows local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-5645 | 1 Icz | 1 Matchasns | 2025-04-12 | N/A |
| ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. | ||||