Total
5226 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8453 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-24739315. References: B-RB#73392. | |||||
| CVE-2016-10282 | 1 Google | 1 Android | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189. | |||||
| CVE-2016-1876 | 1 Lenovo | 1 Solution Center | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| The backend service process in Lenovo Solution Center (aka LSC) before 3.3.0002 allows local users to gain SYSTEM privileges via unspecified vectors. | |||||
| CVE-2016-6731 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.3 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906023. References: NVIDIA N-CVE-2016-6731. | |||||
| CVE-2016-7238 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandle caching for NTLM password-change requests, which allows local users to gain privileges via a crafted application, aka "Windows NTLM Elevation of Privilege Vulnerability." | |||||
| CVE-2016-6470 | 1 Cisco | 1 Hybrid Media Service | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Known Affected Releases: 1.0. | |||||
| CVE-2016-9196 | 1 Cisco | 7 Aironet 1800, Aironet 2800e, Aironet 2800i and 4 more | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in login authentication management in Cisco Aironet 1800, 2800, and 3800 Series Access Point platforms could allow an authenticated, local attacker to gain unrestricted root access to the underlying Linux operating system. The root Linux shell is provided for advanced troubleshooting and should not be available to individual users, even those with root privileges. The attacker must have the root password to exploit this vulnerability. More Information: CSCvb13893. Known Affected Releases: 8.2(121.0) 8.3(102.0). Known Fixed Releases: 8.4(1.53) 8.4(1.52) 8.3(111.0) 8.3(104.23) 8.2(130.0) 8.2(124.1). | |||||
| CVE-2016-6733 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.3 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30906694. References: NVIDIA N-CVE-2016-6733. | |||||
| CVE-2016-6728 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30400942. | |||||
| CVE-2016-5237 | 1 Valvesoftware | 1 Steamos | 2024-02-28 | 1.9 LOW | 4.8 MEDIUM |
| Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file. | |||||
| CVE-2016-7271 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka "Secure Kernel Mode Elevation of Privilege Vulnerability." | |||||
| CVE-2016-8421 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451104. References: QC-CR#1087797. | |||||
| CVE-2016-1883 | 1 Freebsd | 1 Freebsd | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors. | |||||
| CVE-2016-3053 | 1 Ibm | 1 Aix | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |||||
| CVE-2016-6449 | 1 Cisco | 1 Fireamp Connector Endpoint Software | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAMP processes without requiring a password. Stopping certain critical processes could cause a denial of service (DoS) condition, and certain security features could no longer be available. More Information: CSCvb40597. Known Affected Releases: 1. | |||||
| CVE-2016-2876 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-02-28 | 8.5 HIGH | 7.5 HIGH |
| IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue. | |||||
| CVE-2016-8031 | 1 Mcafee | 1 Anti-malware Scan Engine | 2024-02-28 | 4.4 MEDIUM | 7.3 HIGH |
| Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. | |||||
| CVE-2016-9796 | 1 Alcatel-lucent | 1 Omnivista 8770 Network Management System | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server." | |||||
| CVE-2016-9215 | 1 Cisco | 1 Ios Xr | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releases: 6.1.1.BASE. | |||||
| CVE-2016-9012 | 1 Arista | 1 Cloudvision Portal | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle. | |||||