Search Results (26345 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-0219 1 Apache 1 Karaf 2025-04-20 N/A
Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.
CVE-2016-7600 1 Apple 1 Mac Os X 2025-04-20 N/A
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "OpenPAM" component, which allows local users to obtain sensitive information by leveraging mishandling of failed PAM authentication by a sandboxed app.
CVE-2017-0738 1 Google 1 Android 2025-04-20 N/A
A information disclosure vulnerability in the Android media framework (audioserver). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37563371.
CVE-2017-0585 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32475556. References: B-RB#112953.
CVE-2016-5197 1 Google 1 Chrome 2025-04-20 N/A
The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.
CVE-2016-3066 1 Spice-gtk Project 1 Spice-gtk 2025-04-20 N/A
The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.
CVE-2012-1301 1 Umbraco 1 Umbraco Cms 2025-04-20 9.8 Critical
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter.
CVE-2009-1197 1 Apache 1 Juddi 2025-04-20 N/A
Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.
CVE-2017-0461 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32073794. References: QC-CR#1100132.
CVE-2017-0459 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32644895. References: QC-CR#1091939.
CVE-2017-0458 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32588962. References: QC-CR#1089433.
CVE-2017-0451 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129.
CVE-2013-7400 1 Dkd 1 Direct Mail 2025-04-20 N/A
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.
CVE-2016-5006 1 Pivotal Software 2 Cloud Foundry, Cloud Foundry Elastic Runtime 2025-04-20 N/A
The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors.
CVE-2016-5001 1 Apache 1 Hadoop 2025-04-20 N/A
This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in the token.
CVE-2017-3098 1 Adobe 1 Captivate 2025-04-20 N/A
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server.
CVE-2014-9845 5 Canonical, Imagemagick, Opensuse and 2 more 11 Ubuntu Linux, Imagemagick, Leap and 8 more 2025-04-20 N/A
The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file.
CVE-2014-9483 1 Gnu 1 Emacs 2025-04-20 N/A
Emacs 24.4 allows remote attackers to bypass security restrictions.
CVE-2016-10176 1 Netgear 2 Wnr2000v5, Wnr2000v5 Firmware 2025-04-20 N/A
The NETGEAR WNR2000v5 router allows an administrator to perform sensitive actions by invoking the apply.cgi URL on the web server of the device. This special URL is handled by the embedded web server (uhttpd) and processed accordingly. The web server also contains another URL, apply_noauth.cgi, that allows an unauthenticated user to perform sensitive actions on the device. This functionality can be exploited to change the router settings (such as the answers to the password-recovery questions) and achieve remote code execution.
CVE-2017-0076 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 N/A
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0097, and CVE-2017-0099.