Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10277 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490. | |||||
| CVE-2016-10276 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105. | |||||
| CVE-2016-10275 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-34514954. References: QC-CR#1009111. | |||||
| CVE-2016-10274 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901. | |||||
| CVE-2016-10238 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In QSEE in all Android releases from CAF using the Linux kernel access control may potentially be bypassed due to a page alignment issue. | |||||
| CVE-2016-10233 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34389926. References: QC-CR#897452. | |||||
| CVE-2016-10232 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Qualcomm video driver. Product: Android. Versions: Android kernel. Android ID: A-34386696. References: QC-CR#1024872. | |||||
| CVE-2016-10231 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799. | |||||
| CVE-2016-10230 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability in the Qualcomm crypto driver. Product: Android. Versions: Android kernel. Android ID: A-34389927. References: QC-CR#1091408. | |||||
| CVE-2016-10225 | 1 Allwinner | 4 A83t, H3, H8 and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug. | |||||
| CVE-2016-10200 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c. | |||||
| CVE-2016-10187 | 1 Calibre-ebook | 1 Calibre | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. | |||||
| CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | |||||
| CVE-2016-10152 | 1 Hesiod Project | 1 Hesiod | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls back to the ".athena.mit.edu" default domain when opening the configuration file fails, which allows remote attackers to gain root privileges by poisoning the DNS cache. | |||||
| CVE-2016-10151 | 1 Hesiod Project | 1 Hesiod | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the (1) HESIOD_CONFIG or (2) HES_DOMAIN environment variable and leveraging certain SUID/SGUID binary. | |||||
| CVE-2016-10150 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. | |||||
| CVE-2016-10126 | 1 Splunk | 1 Splunk | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before 6.0.13, 6.1.x before 6.1.12, 6.2.x before 6.2.12, 6.3.x before 6.3.8, and 6.4.x before 6.4.4 allows remote attackers to conduct HTTP request injection attacks and obtain sensitive REST API authentication-token information via unspecified vectors, aka SPL-128840. | |||||
| CVE-2016-10123 | 1 Firejail Project | 1 Firejail | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Firejail allows --chroot when seccomp is not supported, which might allow local users to gain privileges. | |||||
| CVE-2016-10122 | 1 Firejail Project | 1 Firejail | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Firejail does not properly clean environment variables, which allows local users to gain privileges. | |||||
| CVE-2016-10121 | 1 Firejail Project | 1 Firejail | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. | |||||