Total
5226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10700 | 1 Cacti | 1 Cacti | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313. | |||||
CVE-2015-3617 | 1 Fortinet | 1 Fortimanager Firmware | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. | |||||
CVE-2015-1324 | 1 Canonical | 1 Ubuntu Linux | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | |||||
CVE-2015-1795 | 1 Redhat | 2 Enterprise Linux, Gluster Storage | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. | |||||
CVE-2015-4685 | 1 Polycom | 1 Realpresence Resource Manager | 2024-02-28 | 4.4 MEDIUM | 7.0 HIGH |
Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration. | |||||
CVE-2016-5864 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access. | |||||
CVE-2016-5862 | 1 Google | 1 Android | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs. | |||||
CVE-2016-5861 | 1 Google | 1 Android | 2024-02-28 | 8.3 HIGH | 8.8 HIGH |
In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow. | |||||
CVE-2014-9260 | 1 Downloadmanager | 1 Download Manager | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. | |||||
CVE-2015-0162 | 1 Ibm | 1 Security Siteprotector System | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | |||||
CVE-2015-5244 | 1 Mod Nss Project | 1 Mod Nss | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | |||||
CVE-2015-8621 | 1 Tcoffee | 1 T-coffee | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally. | |||||
CVE-2014-7862 | 1 Zohocorp | 1 Desktop Central | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action. | |||||
CVE-2016-4435 | 1 Pivotal | 1 Bosh Stemcell | 2024-02-28 | 6.8 MEDIUM | 9.0 CRITICAL |
An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID. | |||||
CVE-2015-4596 | 1 Lenovo | 1 Mouse Suite | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | |||||
CVE-2014-8156 | 5 Debian, Fso-frameworkd Project, Fso-gsmd Project and 2 more | 5 Debian Linux, Fso-frameworkd, Fso-gsmd and 2 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. | |||||
CVE-2016-5868 | 1 Google | 1 Android | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process. | |||||
CVE-2016-5867 | 1 Google | 1 Android | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | |||||
CVE-2015-7358 | 4 Ciphershed, Idrix, Microsoft and 1 more | 4 Ciphershed, Veracrypt, Windows and 1 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory. | |||||
CVE-2016-10341 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
In all Android releases from CAF using the Linux kernel, 3rd party TEEs have more privilege than intended. |