Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3875 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884. | |||||
CVE-2015-8333 | 1 Huawei | 1 Vcn500 | 2024-02-28 | 5.5 MEDIUM | 7.1 HIGH |
The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 allows remote authenticated users to change the IP address of the media server via crafted packets. | |||||
CVE-2015-6395 | 1 Cisco | 1 Prime Service Catalog | 2024-02-28 | 6.5 MEDIUM | N/A |
Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID CSCuw48188. | |||||
CVE-2016-5231 | 1 Huawei | 2 Mate 8, Mate 8 Firmware | 2024-02-28 | 5.0 MEDIUM | 7.8 HIGH |
Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and delete user data via a crafted app. | |||||
CVE-2016-1625 | 3 Debian, Google, Opensuse | 3 Debian Linux, Chrome, Opensuse | 2024-02-28 | 4.3 MEDIUM | 4.3 MEDIUM |
The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page (NTP) navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instant_service.cc and search_tab_helper.cc. | |||||
CVE-2016-2393 | 1 Lenovo | 2 Fingerprint Manager, Touch Fingerprint | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before 1.00.08 use weak ACLs for unspecified (1) services and (2) files, which allows local users to gain privileges by invalidating local checks. | |||||
CVE-2016-1963 | 1 Mozilla | 1 Firefox | 2024-02-28 | 4.4 MEDIUM | 7.4 HIGH |
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. | |||||
CVE-2016-2440 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896. | |||||
CVE-2015-4185 | 1 Cisco | 1 Ios | 2024-02-28 | 6.9 MEDIUM | N/A |
The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CSCuq24202. | |||||
CVE-2015-3290 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | N/A |
arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering an NMI within a certain instruction window. | |||||
CVE-2016-2810 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | 4.3 MEDIUM | 5.0 MEDIUM |
Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password. | |||||
CVE-2016-3849 | 1 Google | 1 Android | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740. | |||||
CVE-2016-2490 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373. | |||||
CVE-2015-7430 | 1 Apache | 1 Hadoop | 2024-02-28 | 4.6 MEDIUM | 8.4 HIGH |
The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors. | |||||
CVE-2016-5654 | 1 Misys | 1 Fusioncapital Opics Plus | 2024-02-28 | 8.5 HIGH | 7.5 HIGH |
Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter. | |||||
CVE-2015-3704 | 1 Apple | 1 Mac Os X | 2024-02-28 | 9.3 HIGH | N/A |
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2016-3254 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3249, CVE-2016-3252, and CVE-2016-3286. | |||||
CVE-2015-6850 | 1 Emc | 1 Vplex Geosynchrony | 2024-02-28 | 7.2 HIGH | 8.4 HIGH |
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | |||||
CVE-2016-2456 | 1 Google | 2 Android, Android One | 2024-02-28 | 5.1 MEDIUM | 7.0 HIGH |
The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27275187. | |||||
CVE-2016-2353 | 1 Accellion | 1 File Transfer Appliance | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows local users to add an SSH key to an arbitrary group, and consequently gain privileges, via unspecified vectors. |