Total: 5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-0805 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 8.4 HIGH |
The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204. | |||||
CVE-2015-3759 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.6 MEDIUM | N/A |
Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. | |||||
CVE-2016-2449 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
services/camera/libcameraservice/device3/Camera3Device.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate template IDs, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 27568958. | |||||
CVE-2016-1394 | 1 Cisco | 1 Firesight System Software | 2024-02-28 | 7.5 HIGH | 8.6 HIGH |
Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded account, which allows remote attackers to obtain CLI access by leveraging knowledge of the password, aka Bug ID CSCuz56238. | |||||
CVE-2016-0812 | 1 Google | 1 Android | 2024-02-28 | 6.6 MEDIUM | 6.1 MEDIUM |
The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25229538. | |||||
CVE-2016-3843 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071. | |||||
CVE-2015-6018 | 1 Zyxel | 1 Pmg5318-b20a Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | |||||
CVE-2015-2481 | 1 Microsoft | 1 .net Framework | 2024-02-28 | 9.3 HIGH | N/A |
The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect code during an attempt at optimization, which allows remote attackers to execute arbitrary code via a crafted .NET application, aka "RyuJIT Optimization Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2479 and CVE-2015-2480. | |||||
CVE-2016-8867 | 1 Docker | 1 Docker | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. | |||||
CVE-2015-5515 | 1 Views Bulk Operations Project | 1 Views Bulk Operations | 2024-02-28 | 4.9 MEDIUM | N/A |
The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts and add arbitrary roles to the accounts by leveraging access to a user account listing view with VBO enabled. | |||||
CVE-2016-0766 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, 9.4.x before 9.4.6, and 9.5.x before 9.5.1 does not properly restrict access to unspecified custom configuration settings (GUCS) for PL/Java, which allows attackers to gain privileges via unspecified vectors. | |||||
CVE-2016-3887 | 1 Google | 1 Android | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712. | |||||
CVE-2016-6402 | 1 Cisco | 1 Unified Computing System | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263. | |||||
CVE-2016-3187 | 1 Prepopulate Project | 1 Prepopulate | 2024-02-28 | 7.5 HIGH | 7.3 HIGH |
The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter. | |||||
CVE-2015-7792 | 1 Corega | 1 Cg-wlbargs Firmware | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. | |||||
CVE-2015-7469 | 1 Ibm | 1 Jazz Reporting Service | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restrictions by leveraging a JazzGuest role. | |||||
CVE-2016-6394 | 1 Cisco | 1 Firesight System Software | 2024-02-28 | 5.8 MEDIUM | 9.1 CRITICAL |
Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Software through 6.1.0 allows remote attackers to hijack web sessions via a session identifier, aka Bug ID CSCuz80503. | |||||
CVE-2016-7383 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2024-02-28 | 6.1 MEDIUM | 7.8 HIGH |
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in a memory mapping API in the kernel mode layer (nvlddmkm.sys) handler, leading to denial of service or potential escalation of privileges. | |||||
CVE-2014-9879 | 1 Google | 1 Android | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490. | |||||
CVE-2016-2160 | 1 Redhat | 2 Openshift, Openshift Origin | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | |||||