Total
5226 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-9695 | 1 Huawei | 2 Tecal E9000 Chassis, Tecal E9000 Chassis Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions could allow a non-super-domain user who accesses HMM through SNMPv3 to perform operations on a server as a super-domain user. | |||||
CVE-2016-9382 | 2 Citrix, Xen | 2 Xenserver, Xen | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode. | |||||
CVE-2016-10372 | 1 Eir | 2 D1000 Modem, D1000 Modem Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature. | |||||
CVE-2016-10291 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-34030871. References: QC-CR#986837. | |||||
CVE-2016-4340 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors. | |||||
CVE-2016-6738 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-30034511. References: Qualcomm QC-CR#1050538. | |||||
CVE-2014-9922 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c. | |||||
CVE-2016-7254 | 1 Microsoft | 1 Sql Server | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability." | |||||
CVE-2016-6729 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Android ID: A-30977990. References: Qualcomm QC-CR#977684. | |||||
CVE-2014-3222 | 1 Huawei | 1 Espace Meeting | 2024-02-28 | 6.6 MEDIUM | 7.0 HIGH |
In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key resources. | |||||
CVE-2016-9867 | 1 Emc | 1 Scaleio | 2024-02-28 | 4.6 MEDIUM | 8.8 HIGH |
An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers. | |||||
CVE-2016-8202 | 1 Broadcom | 1 Fabric Operating System | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected versions, non-root users can gain root access with a combination of shell commands and parameters. | |||||
CVE-2016-8589 | 1 Trendmicro | 1 Threat Discovery Appliance | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter. | |||||
CVE-2014-8708 | 1 Pluck-cms | 1 Pluck | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. | |||||
CVE-2016-9167 | 1 Novell | 1 Edirectory | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP objects across partition boundaries correctly, which could lead to a privilege escalation by modifying user attributes that would otherwise be filtered by an ACL. | |||||
CVE-2016-5991 | 1 Ibm | 1 Sterling Connect\ | 2024-02-28 | 4.4 MEDIUM | 4.5 MEDIUM |
IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors. | |||||
CVE-2016-8769 | 1 Huawei | 1 Utps Firmware | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed. | |||||
CVE-2016-6786 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 6.9 MEDIUM | 7.0 HIGH |
kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain privileges via a crafted application, aka Android internal bug 30955111. | |||||
CVE-2015-8089 | 1 Huawei | 6 P7-l00, P7-l00 Firmware, P7-l05 and 3 more | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application. | |||||
CVE-2016-8012 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
Access control vulnerability in Intel Security Data Loss Prevention Endpoint (DLPe) 9.4.200 and 9.3.600 allows authenticated users with Read-Write-Execute permissions to inject hook DLLs into other processes via pages in the target process memory get. |