Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0009 | 1 Microsoft | 4 Windows 10, Windows 7, Windows Server 2008 and 1 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k Remote Code Execution Vulnerability." | |||||
| CVE-2016-0007 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0006. | |||||
| CVE-2016-0006 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007. | |||||
| CVE-2015-9196 | 1 Qualcomm | 8 Fsm9055, Fsm9055 Firmware, Mdm9635m and 5 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Small Cell SoC FSM9055, MDM9635M, SD 400, and SD 800, improper input validation in tzbsp_ocmem can cause privilege escalation. | |||||
| CVE-2015-9016 | 1 Google | 1 Android | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046. | |||||
| CVE-2015-9015 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714120. | |||||
| CVE-2015-9014 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750. | |||||
| CVE-2015-9013 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251. | |||||
| CVE-2015-9012 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691. | |||||
| CVE-2015-9011 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882. | |||||
| CVE-2015-9010 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101. | |||||
| CVE-2015-9009 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600. | |||||
| CVE-2015-9008 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689. | |||||
| CVE-2015-9004 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions. | |||||
| CVE-2015-8994 | 1 Php | 1 Php | 2024-11-21 | 6.8 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database. | |||||
| CVE-2015-8993 | 1 Mcafee | 3 Cloud Av, Security Scan Plus, Security Webadvisor | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | |||||
| CVE-2015-8992 | 1 Mcafee | 3 Cloud Av, Security Scan Plus, Security Webadvisor | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | |||||
| CVE-2015-8991 | 1 Mcafee | 3 Cloud Av, Security Scan Plus, Security Webadvisor | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation. | |||||
| CVE-2015-8967 | 2 Google, Linux | 2 Android, Linux Kernel | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. | |||||
| CVE-2015-8966 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. | |||||