Total: 5226 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3188 | 1 Apache | 1 Storm | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2016-6112 | 1 Ibm | 3 Distributed Marketing, Marketing Operations, Marketing Platform | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. IBM X-Force ID: 118282. | |||||
CVE-2016-10123 | 1 Firejail Project | 1 Firejail | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. | |||||
CVE-2016-9403 | 1 Mybb | 2 Merge System, Mybb | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check. | |||||
CVE-2016-10276 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105. | |||||
CVE-2016-8436 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. References: QC-CR#1007860. | |||||
CVE-2015-5682 | 1 Powerplay Gallery Project | 1 Powerplay Gallery | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable. | |||||
CVE-2016-8420 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32451171. References: QC-CR#1087807. | |||||
CVE-2016-5857 | 1 Google | 1 Android | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140. | |||||
CVE-2016-9849 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in phpMyAdmin. It is possible to bypass AllowRoot restriction ($cfg['Servers'][$i]['AllowRoot']) and deny rules for username by using Null Byte in the username. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
CVE-2016-10118 | 1 Firejail Project | 1 Firejail | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /. | |||||
CVE-2016-9345 | 1 Emerson | 1 Deltav | 2024-02-28 | 4.9 MEDIUM | 6.8 MEDIUM |
An issue was discovered in Emerson DeltaV Easy Security Management DeltaV V12.3, DeltaV V12.3.1, and DeltaV V13.3. Critical vulnerabilities may allow a local attacker to elevate privileges within the DeltaV control system. | |||||
CVE-2016-10116 | 1 Netgear | 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack. | |||||
CVE-2016-8353 | 1 Osisoft | 1 Pi Web Api 2015 R2 | 2024-02-28 | 5.5 MEDIUM | 6.4 MEDIUM |
An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. | |||||
CVE-2016-10089 | 1 Nagios | 1 Nagios | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Nagios 4.3.2 and earlier allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. | |||||
CVE-2016-10044 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 does not properly restrict execute access, which makes it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call. | |||||
CVE-2016-10122 | 1 Firejail Project | 1 Firejail | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Firejail does not properly clean environment variables, which allows local users to gain privileges. | |||||
CVE-2016-10150 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. | |||||
CVE-2016-6745 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Android ID: A-31252388. | |||||
CVE-2015-2794 | 1 Dotnetnuke | 1 Dotnetnuke | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. |