Search
Total
781 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1531 | 1 Exim | 1 Exim | 2017-09-08 | 6.9 MEDIUM | 7.0 HIGH |
| Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument. | |||||
| CVE-2015-6639 | 1 Google | 1 Android | 2017-09-07 | 9.3 HIGH | 7.8 HIGH |
| The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | |||||
| CVE-2016-10277 | 1 Linux | 1 Linux Kernel | 2017-09-06 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490. | |||||
| CVE-2016-7661 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-09-03 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references. | |||||
| CVE-2016-3989 | 1 Meinberg | 12 Ims-lantime M1000, Ims-lantime M3000, Ims-lantime M500 and 9 more | 2017-09-03 | 8.5 HIGH | 8.1 HIGH |
| The NTP time-server interface on Meinberg IMS-LANTIME M3000, IMS-LANTIME M1000, IMS-LANTIME M500, LANTIME M900, LANTIME M600, LANTIME M400, LANTIME M300, LANTIME M200, LANTIME M100, SyncFire 1100, and LCES devices with firmware before 6.20.004 allows remote authenticated users to obtain root privileges for writing to unspecified scripts, and consequently obtain sensitive information or modify data, by leveraging access to the nobody account. | |||||
| CVE-2016-3053 | 1 Ibm | 1 Aix | 2017-09-03 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |||||
| CVE-2016-3861 | 1 Google | 1 Android | 2017-09-03 | 9.3 HIGH | 7.8 HIGH |
| LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with different encoding widths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted file, aka internal bug 29250543. | |||||
| CVE-2016-1611 | 1 Novell | 1 Filr | 2017-09-03 | 7.2 HIGH | 7.8 HIGH |
| Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands. | |||||
| CVE-2016-2431 | 1 Google | 4 Android, Nexus 5, Nexus 6 and 1 more | 2017-09-02 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809. | |||||
| CVE-2013-7432 | 1 Mapsplugin | 1 Googlemaps | 2017-09-01 | 5.0 MEDIUM | 7.5 HIGH |
| The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to bypass an intended protection mechanism. | |||||
| CVE-2016-0263 | 1 Ibm | 2 General Parallel File System Storage Server, Spectrum Scale | 2017-09-01 | 7.2 HIGH | 7.0 HIGH |
| IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and General Parallel File System 3.5 before 3.5.0.30 allow local users to gain privileges or cause a denial of service via a crafted mmapplypolicy command. | |||||
| CVE-2016-4638 | 1 Apple | 1 Mac Os X | 2017-09-01 | 9.3 HIGH | 7.8 HIGH |
| Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." | |||||
| CVE-2016-4633 | 1 Apple | 1 Mac Os X | 2017-09-01 | 6.9 MEDIUM | 7.8 HIGH |
| Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-1456 | 1 Cisco | 1 Ios Xr | 2017-09-01 | 7.2 HIGH | 7.8 HIGH |
| The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721. | |||||
| CVE-2015-1324 | 1 Canonical | 1 Ubuntu Linux | 2017-08-30 | 7.2 HIGH | 7.8 HIGH |
| Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | |||||
| CVE-2015-3617 | 1 Fortinet | 1 Fortimanager Firmware | 2017-08-29 | 4.6 MEDIUM | 7.8 HIGH |
| Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. | |||||
| CVE-2016-5867 | 1 Google | 1 Android | 2017-08-20 | 7.6 HIGH | 7.0 HIGH |
| In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | |||||
| CVE-2016-5864 | 1 Google | 1 Android | 2017-08-20 | 9.3 HIGH | 7.8 HIGH |
| In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access. | |||||
| CVE-2016-5863 | 1 Google | 1 Android | 2017-08-20 | 9.3 HIGH | 7.8 HIGH |
| In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. | |||||
| CVE-2016-5860 | 1 Google | 1 Android | 2017-08-20 | 7.6 HIGH | 7.0 HIGH |
| In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow. | |||||
| CVE-2016-5861 | 1 Google | 1 Android | 2017-08-20 | 8.3 HIGH | 8.8 HIGH |
| In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow. | |||||
| CVE-2016-5862 | 1 Google | 1 Android | 2017-08-20 | 7.6 HIGH | 7.0 HIGH |
| When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs. | |||||
| CVE-2016-5859 | 1 Google | 1 Android | 2017-08-18 | 7.6 HIGH | 7.0 HIGH |
| In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow. | |||||
| CVE-2015-1378 | 1 Grml | 1 Grml-debootstrap | 2017-08-16 | 5.0 MEDIUM | 7.5 HIGH |
| cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users. | |||||
| CVE-2016-5266 | 1 Mozilla | 1 Firefox | 2017-08-16 | 5.8 MEDIUM | 8.1 HIGH |
| Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site. | |||||
| CVE-2016-1457 | 1 Cisco | 1 Firepower Management Center | 2017-08-16 | 9.0 HIGH | 8.8 HIGH |
| The web-based GUI in Cisco Firepower Management Center 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 and Cisco Adaptive Security Appliance (ASA) Software on 5500-X devices with FirePOWER Services 4.x and 5.x before 5.3.1.2 and 5.4.x before 5.4.0.1 allows remote authenticated users to execute arbitrary commands as root via crafted HTTP requests, aka Bug ID CSCur25513. | |||||
| CVE-2014-9262 | 1 Snapcreek | 1 Duplicator | 2017-08-15 | 5.5 MEDIUM | 8.2 HIGH |
| The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files. | |||||
| CVE-2014-9260 | 1 Downloadmanager | 1 Download Manager | 2017-08-15 | 6.5 MEDIUM | 8.8 HIGH |
| The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option. | |||||
| CVE-2016-3864 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117. | |||||
| CVE-2016-3859 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm internal bug CR1034641. | |||||
| CVE-2016-3871 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allow attackers to gain privileges via a crafted application, aka internal bug 29422022. | |||||
| CVE-2016-3865 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389. | |||||
| CVE-2016-2446 | 1 Google | 2 Android, Nexus 9 | 2017-08-13 | 7.6 HIGH | 7.0 HIGH |
| The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27441354. | |||||
| CVE-2016-3867 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897. | |||||
| CVE-2016-3869 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070. | |||||
| CVE-2016-3870 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent input-port changes, which allows attackers to gain privileges via a crafted application, aka internal bug 29421804. | |||||
| CVE-2016-3887 | 1 Google | 1 Android | 2017-08-13 | 6.8 MEDIUM | 7.8 HIGH |
| providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state via a crafted application, aka internal bug 29899712. | |||||
| CVE-2016-3890 | 1 Google | 1 Android | 2017-08-13 | 7.6 HIGH | 7.0 HIGH |
| The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842. | |||||
| CVE-2016-4382 | 1 Hp | 1 Performance Center | 2017-08-13 | 6.0 MEDIUM | 8.3 HIGH |
| HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to a "remote user validation failure" issue. | |||||
| CVE-2016-3874 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and Qualcomm internal bug CR997797. | |||||
| CVE-2016-3866 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820. | |||||
| CVE-2016-3868 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875. | |||||
| CVE-2016-3885 | 1 Google | 1 Android | 2017-08-13 | 9.3 HIGH | 7.8 HIGH |
| debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636. | |||||
| CVE-2015-0721 | 1 Cisco | 56 Nexus 1000v For Microsoft Hyper-v, Nexus 1000v For Vmware Vsphere, Nexus 3016 and 53 more | 2017-07-30 | 9.0 HIGH | 8.0 HIGH |
| Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492. | |||||
| CVE-2016-6428 | 1 Cisco | 1 Ios Xr | 2017-07-30 | 7.2 HIGH | 7.8 HIGH |
| Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands as root by leveraging admin privileges, aka Bug ID CSCva38349. | |||||
| CVE-2016-6402 | 1 Cisco | 1 Unified Computing System | 2017-07-30 | 7.2 HIGH | 7.8 HIGH |
| UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified Computing System (UCS) through 3.0(2d) allow local users to obtain OS root access via crafted CLI input, aka Bug ID CSCuz91263. | |||||
| CVE-2016-6413 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2017-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| The installation procedure on Cisco Application Policy Infrastructure Controller (APIC) devices 1.3(2f) mishandles binary files, which allows local users to obtain root access via unspecified vectors, aka Bug ID CSCva50496. | |||||
| CVE-2016-4716 | 1 Apple | 1 Mac Os X | 2017-07-30 | 7.2 HIGH | 7.8 HIGH |
| diskutil in DiskArbitration in Apple OS X before 10.12 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2016-7086 | 2 Microsoft, Vmware | 3 Windows, Workstation Player, Workstation Pro | 2017-07-30 | 7.2 HIGH | 7.8 HIGH |
| The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the installation directory. | |||||
| CVE-2016-5995 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Db2 and 2 more | 2017-07-30 | 6.9 MEDIUM | 7.3 HIGH |
| Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. | |||||