Total
5222 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-3807 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196. | |||||
CVE-2016-0819 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. | |||||
CVE-2016-5847 | 1 Sap | 1 Sapcar Archive Tool | 2024-02-28 | 4.4 MEDIUM | 5.8 MEDIUM |
SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384. | |||||
CVE-2016-1196 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated users to bypass intended access restrictions and obtain sensitive Address Book information via an API call, a different vulnerability than CVE-2015-7776. | |||||
CVE-2015-7496 | 2 Fedoraproject, Gnome | 2 Fedora, Gnome Display Manager | 2024-02-28 | 7.2 HIGH | N/A |
GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. | |||||
CVE-2016-3913 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges via a crafted application, aka internal bug 30204103. | |||||
CVE-2016-0843 | 1 Google | 1 Android | 2024-02-28 | 7.2 HIGH | 8.4 HIGH |
The Qualcomm ARM processor performance-event manager in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application, aka internal bug 25801197. | |||||
CVE-2015-2984 | 1 Iodata | 2 Wn-g54\/r2, Wn-g54\/r2 Firmware | 2024-02-28 | 5.0 MEDIUM | N/A |
I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | |||||
CVE-2015-2686 | 1 Linux | 1 Linux Kernel | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subsystem that uses the copy_from_iter function in the iov_iter interface, as demonstrated by the Bluetooth subsystem. | |||||
CVE-2016-2206 | 1 Symantec | 2 Workspace Streaming, Workspace Virtualization | 2024-02-28 | 3.3 LOW | 5.7 MEDIUM |
The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file. | |||||
CVE-2015-4997 | 1 Ibm | 1 Websphere Portal | 2024-02-28 | 6.8 MEDIUM | N/A |
IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. | |||||
CVE-2016-5499 | 1 Oracle | 1 Database Server | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498. | |||||
CVE-2016-7435 | 1 Sap | 1 Netweaver | 2024-02-28 | 9.0 HIGH | 9.1 CRITICAL |
The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and (3) SCTC_TMS_MAINTAIN_ALOG functions in the SCTC subpackage in SAP Netweaver 7.40 SP 12 allow remote authenticated users with certain permissions to execute arbitrary commands via vectors involving a CALL 'SYSTEM' statement, aka SAP Security Note 2260344. | |||||
CVE-2015-1984 | 1 Ibm | 1 Infosphere Master Data Management | 2024-02-28 | 4.0 MEDIUM | N/A |
IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary profiles via unspecified vectors, as demonstrated by discovering usernames for use in brute-force attacks. | |||||
CVE-2014-9780 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222. | |||||
CVE-2014-9873 | 1 Google | 1 Android | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860. | |||||
CVE-2016-7142 | 2 Debian, Inspircd | 2 Debian Linux, Inspircd | 2024-02-28 | 4.3 MEDIUM | 5.9 MEDIUM |
The m_sasl module in InspIRCd before 2.0.23, when used with a service that supports SASL_EXTERNAL authentication, allows remote attackers to spoof certificate fingerprints and consequently log in as another user via a crafted SASL message. | |||||
CVE-2016-3851 | 1 Google | 1 Android | 2024-02-28 | 9.3 HIGH | 8.1 HIGH |
The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941. | |||||
CVE-2016-1456 | 1 Cisco | 1 Ios Xr | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721. | |||||
CVE-2016-3725 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-02-28 | 5.0 MEDIUM | 4.3 MEDIUM |
Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated users to trigger updating of update site metadata by leveraging a missing permissions check. NOTE: this issue can be combined with DNS cache poisoning to cause a denial of service (service disruption). |