Total: 5226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-2071 | 1 Arubanetworks | 1 Clearpass | 2024-02-28 | 4.9 MEDIUM | 7.1 HIGH |
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method. | |||||
CVE-2004-2778 | 1 Gentoo | 1 Portage | 2024-02-28 | 3.6 LOW | 7.1 HIGH |
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands. | |||||
CVE-2015-4082 | 1 Attic Project | 1 Attic | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". | |||||
CVE-2016-3998 | 1 Netapp | 1 Altavault | 2024-02-28 | 5.1 MEDIUM | 8.1 HIGH |
NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol. | |||||
CVE-2016-5853 | 1 Google | 1 Android | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value. | |||||
CVE-2015-7561 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2024-02-28 | 3.5 LOW | 3.1 LOW |
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | |||||
CVE-2016-8592 | 1 Trendmicro | 1 Threat Discovery Appliance | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |||||
CVE-2016-8806 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x5000027 where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges. | |||||
CVE-2015-0864 | 1 Samsung | 2 Galaxy App, Samsung Account App | 2024-02-28 | 7.9 HIGH | 8.0 HIGH |
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | |||||
CVE-2016-5720 | 1 Microsoft | 1 Skype | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory. | |||||
CVE-2016-7488 | 1 Teradata | 1 Virtual Machine | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root. | |||||
CVE-2016-8659 | 1 Bubblewrap Project | 1 Bubblewrap | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. | |||||
CVE-2016-8432 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432. | |||||
CVE-2016-8102 | 1 Intel | 1 Wireless Bluetooth Drivers | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges. | |||||
CVE-2016-3114 | 1 Kallithea | 1 Kallithea | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access. | |||||
CVE-2016-6736 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30953284. References: NVIDIA N-CVE-2016-6736. | |||||
CVE-2016-10277 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490. | |||||
CVE-2016-7661 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references. | |||||
CVE-2016-6700 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30916186. | |||||
CVE-2016-8468 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425. |