Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-6276 | 1 Citrix | 1 Linux Virtual Delivery Agent | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual Desktop) before 1.4.0 allows local users to gain root privileges via unspecified vectors. | |||||
CVE-2016-2521 | 1 Wireshark | 1 Wireshark | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary. | |||||
CVE-2016-3939 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR 1001224. | |||||
CVE-2016-2313 | 2 Cacti, Opensuse | 3 Cacti, Leap, Opensuse | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database. | |||||
CVE-2016-3221 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 6.9 MEDIUM | 7.8 HIGH |
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3218. | |||||
CVE-2015-8842 | 1 Opensuse | 1 Opensuse | 2024-02-28 | 2.1 LOW | 3.3 LOW |
tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file. | |||||
CVE-2016-2453 | 1 Google | 2 Android, Android One | 2024-02-28 | 7.6 HIGH | 7.0 HIGH |
The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 27549705. | |||||
CVE-2015-5787 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | N/A |
The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app. | |||||
CVE-2015-4234 | 1 Cisco | 1 Nx-os | 2024-02-28 | 7.2 HIGH | N/A |
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127. | |||||
CVE-2016-0908 | 1 Emc | 1 Isilon Onefs | 2024-02-28 | 6.8 MEDIUM | 6.7 MEDIUM |
EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges. | |||||
CVE-2016-4962 | 2 Oracle, Xen | 2 Vm Server, Xen | 2024-02-28 | 6.8 MEDIUM | 6.7 MEDIUM |
The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore. | |||||
CVE-2015-7197 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. | |||||
CVE-2015-0861 | 2 Debian, Tryton | 2 Debian Linux, Trytond | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write to arbitrary fields via a sequence of records. | |||||
CVE-2015-5021 | 1 Ibm | 1 Infosphere Information Server | 2024-02-28 | 5.5 MEDIUM | N/A |
IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. | |||||
CVE-2016-3372 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2024-02-28 | 3.6 LOW | 6.6 MEDIUM |
The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | |||||
CVE-2016-2502 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044. | |||||
CVE-2015-1293 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
CVE-2015-7840 | 1 Solarwinds | 1 Log And Event Manager | 2024-02-28 | 7.5 HIGH | N/A |
The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature. | |||||
CVE-2015-0142 | 1 Ibm | 1 Openpages Grc Platform | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function. | |||||
CVE-2015-2993 | 1 Sysaid | 1 Sysaid | 2024-02-28 | 7.5 HIGH | N/A |
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. |