Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8434 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32125137. References: QC-CR#1081855. | |||||
| CVE-2016-8433 | 1 Google | 1 Android | 2017-01-18 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. References: MT-ALPS02974192. | |||||
| CVE-2015-8961 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 9.3 HIGH | 7.8 HIGH |
| The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field. | |||||
| CVE-2016-8392 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31385862. References: QC-CR#1073136. | |||||
| CVE-2016-8393 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31911920. | |||||
| CVE-2016-8468 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.18. Android ID: A-32394425. | |||||
| CVE-2016-8431 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32402179. References: N-CVE-2016-8431. | |||||
| CVE-2016-8435 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32700935. References: N-CVE-2016-8435. | |||||
| CVE-2016-8448 | 1 Google | 1 Android | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31791148. References: MT-ALPS02982181. | |||||
| CVE-2016-8450 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32450563. References: QC-CR#880388. | |||||
| CVE-2016-8391 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31253255. References: QC-CR#1072166. | |||||
| CVE-2016-8394 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-31913197. | |||||
| CVE-2016-8446 | 1 Google | 1 Android | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747749. References: MT-ALPS02968909. | |||||
| CVE-2016-6784 | 1 Google | 1 Android | 2017-01-18 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31350755. References: MT-ALPS02961424. | |||||
| CVE-2016-6886 | 1 Matrixssl | 1 Matrixssl | 2017-01-18 | 5.0 MEDIUM | 7.5 HIGH |
| The pstm_reverse function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid memory read and crash) via a (1) zero value or (2) the key's modulus for the secret key during RSA key exchange. | |||||
| CVE-2016-8447 | 1 Google | 1 Android | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31749463. References: MT-ALPS02968886. | |||||
| CVE-2016-6791 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31252384. References: QC-CR#1071809. | |||||
| CVE-2016-6885 | 1 Matrixssl | 1 Matrixssl | 2017-01-17 | 5.0 MEDIUM | 7.5 HIGH |
| The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote attackers to cause a denial of service (invalid free and crash) via a base zero value for the modular exponentiation. | |||||
| CVE-2010-5327 | 1 Liferay | 1 Liferay Portal | 2017-01-17 | 6.5 MEDIUM | 8.8 HIGH |
| Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. | |||||
| CVE-2016-10125 | 1 D-link | 13 Dgs-1100-05, Dgs-1100-05pd, Dgs-1100-08 and 10 more | 2017-01-13 | 6.8 MEDIUM | 8.1 HIGH |
| D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded SSL private key, which allows man-in-the-middle attackers to spoof devices by hijacking an HTTPS session. | |||||
| CVE-2015-1000012 | 1 Mypixs Project | 1 Mypixs | 2017-01-12 | 5.0 MEDIUM | 7.5 HIGH |
| Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin | |||||
| CVE-2016-10116 | 1 Netgear | 8 Arlo Base Station Firmware, Arlo Q Camera Firmware, Arlo Q Plus Camera Firmware and 5 more | 2017-01-11 | 9.3 HIGH | 8.1 HIGH |
| NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack. | |||||
| CVE-2016-0888 | 1 Emc | 1 Documentum D2 | 2017-01-11 | 9.0 HIGH | 8.8 HIGH |
| EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors. | |||||
| CVE-2016-4295 | 1 Hancom | 1 Hancom Office 2014 | 2017-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul Hcell Document (.cell) and processing a particular record within the Workbook stream, an index miscalculation leading to a heap overlow can be made to occur in Hancom Office 2014. The vulnerability occurs when processing data for a formula used to render a chart via the HncChartPlugin.hplg library. Due to a lack of bounds-checking when incrementing an index that is used for writing into a buffer for formulae, the application can be made to write pointer data outside its bounds which can lead to code execution under the context of the application. | |||||
| CVE-2016-4290 | 1 Hancom | 1 Hancom Office 2014 | 2017-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating this length, the application will use a value from the file and add a constant to it without checking whether the addition of the constant will cause the integer to overflow which will cause the buffer to be undersized when the application tries to copy file data into it. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application. | |||||
| CVE-2016-4292 | 1 Hancom | 1 Hancom Office 2014 | 2017-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application. | |||||
| CVE-2016-4291 | 1 Hancom | 1 Hancom Office 2014 | 2017-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overflow. This result is then used to allocate memory to copy file data in. Due to the lack of bounds checking on the integer, the allocated memory buffer can be made to be undersized at which point the reading of file data will write outside the bounds of the buffer. This can lead to code execution under the context of the application. | |||||
| CVE-2016-4296 | 1 Hancom | 1 Hancom Office 2014 | 2017-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul Hcell Document (.cell) and processing a record that uses the CSSValFormat object, Hancom Office 2014 will search for an underscore ("_") character at the end of the string and write a null terminator after it. If the character is at the very end of the string, the application will mistakenly write the null-byte outside the bounds of its destination. This can result in heap corruption that can lead code execution under the context of the application | |||||
| CVE-2016-4298 | 1 Hancom | 1 Hancom Office 2014 | 2017-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a list of elements using a length from the file. When calculating this length, an integer overflow can be made to occur which will cause the buffer to be undersized when the application tries to copy file data into the object containing this structure. This allows one to overwrite contiguous data in the heap which can lead to code-execution under the context of the application. | |||||
| CVE-2016-4294 | 1 Hancom | 1 Hancom Office 2014 | 2017-01-11 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul Hcell Document (.cell) and processing a property record within the Workbook stream, Hancom Office 2014 will attempt to allocate space for an element using a length from the file. When copying user-supplied data to this buffer, however, the application will use a different size which leads to a heap-based buffer overflow. This vulnerability can lead to code-execution under the context of the application. | |||||
| CVE-2016-0910 | 1 Emc | 1 Data Domain Os | 2017-01-11 | 4.3 MEDIUM | 8.8 HIGH |
| EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary accounts via unspecified vectors. | |||||
| CVE-2016-9867 | 1 Emc | 1 Scaleio | 2017-01-11 | 4.6 MEDIUM | 8.8 HIGH |
| An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A low-privileged local attacker may be able to modify the kernel memory in the SCINI driver and may achieve code execution to escalate privileges to root on ScaleIO Data Client (SDC) servers. | |||||
| CVE-2016-4335 | 1 Lexmark | 1 Perceptive Document Filters | 2017-01-11 | 6.8 MEDIUM | 8.4 HIGH |
| An exploitable buffer overflow exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution. | |||||
| CVE-2016-10030 | 1 Schedmd | 1 Slurm | 2017-01-11 | 7.6 HIGH | 8.1 HIGH |
| The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects all Slurm versions from 0.6.0 (September 2005) to present. Workarounds to prevent exploitation of this are to either disable your Prolog script, or modify it such that it always returns 0 ("success") and adjust it to set the node as down using scontrol instead of relying on the slurmd to handle that automatically. If you do not have a Prolog set you are unaffected by this issue. | |||||
| CVE-2016-10097 | 1 Forgerock | 1 Openam | 2017-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| XML External Entity (XXE) Vulnerability in /SSOPOST/metaAlias/%realm%/idpv2 in OpenAM - Access Management 10.1.0 allows remote attackers to read arbitrary files via the SAMLRequest parameter. | |||||
| CVE-2016-6831 | 1 Call-cc | 1 Chicken | 2017-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve() call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 (it will be fixed in 4.12 and 5.0, which are not yet released). | |||||
| CVE-2016-6286 | 1 Call-cc | 1 Http-client | 2017-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| The "spiffy-cgi-handlers" egg would convert a nonexistent "Proxy" header to the HTTP_PROXY environment variable, which would allow attackers to direct CGI programs which use this environment variable to use an attacker-specified HTTP proxy server (also known as a "httpoxy" attack). This affects all versions of spiffy-cgi-handlers before 0.5. | |||||
| CVE-2016-6287 | 1 Call-cc | 1 Http-client | 2017-01-11 | 5.0 MEDIUM | 7.5 HIGH |
| The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an attacker to direct all HTTP requests through a proxy (also known as a "httpoxy" attack). This affects all versions of http-client before 0.10. | |||||
| CVE-2016-4288 | 1 Bluestacks | 1 Bluestacks | 2017-01-10 | 7.2 HIGH | 8.4 HIGH |
| A local privilege escalation vulnerability exists in BlueStacks App Player. The BlueStacks App Player installer creates a registry key with weak permissions that allows users to execute arbitrary programs with SYSTEM privileges. | |||||
| CVE-2016-5646 | 1 Lexmark | 1 Perceptive Document Filters | 2017-01-10 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause a code execution. An attacker can send a malformed file to trigger this vulnerability. | |||||
| CVE-2016-2309 | 1 Irz | 1 Ruh2 | 2017-01-10 | 8.0 HIGH | 7.2 HIGH |
| iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||||
| CVE-2016-7425 | 1 Linux | 1 Linux Kernel | 2017-01-07 | 7.2 HIGH | 7.8 HIGH |
| The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code. | |||||
| CVE-2016-6894 | 1 Arista | 6 Dcs-7050q, Dcs-7050q Eos Software, Dcs-7050s and 3 more | 2017-01-07 | 7.8 HIGH | 7.5 HIGH |
| Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before 4.17.0F on DCS-7050 series devices allow remote attackers to cause a denial of service (device reboot) by sending crafted packets to the control plane. | |||||
| CVE-2016-10041 | 1 Sprecher-automation | 1 Sprecon-e Service Program | 2017-01-07 | 4.6 MEDIUM | 7.5 HIGH |
| An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, validly authenticated and authorized as administrator, and executed telegram simulation. After that, the online-connection must have been closed. Incorrect caching of client data then may lead to privilege escalation, where a subsequently acting non-admin user is permitted to do telegram simulation. In order to exploit this vulnerability, a potential attacker would need to have both a valid engineering-account in the SPRECON RBAC system as well as access to a service/maintenance computer with SPRECON-E Service Program running. Additionally, a valid admin-user must have closed the service connection beforehand without closing the program, having executed telegram simulation; the attacker then has access to the running software instance. Hence, there is no risk from external attackers. | |||||
| CVE-2016-7902 | 1 Dotclear | 1 Dotclear | 2017-01-07 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted file upload vulnerability in the fileUnzip->unzip method in Dotclear before 2.10.3 allows remote authenticated users with permissions to manage media items to execute arbitrary code by uploading a ZIP file containing a file with a crafted extension, as demonstrated by .php.txt or .php%20. | |||||
| CVE-2015-3288 | 1 Linux | 1 Linux Kernel | 2017-01-07 | 7.2 HIGH | 7.8 HIGH |
| mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. | |||||
| CVE-2016-9950 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2017-01-07 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system. | |||||
| CVE-2016-9949 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2017-01-07 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code. | |||||
| CVE-2016-9754 | 1 Linux | 1 Linux Kernel | 2017-01-07 | 7.2 HIGH | 7.8 HIGH |
| The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffer_size_kb file. | |||||
| CVE-2016-9644 | 1 Linux | 1 Linux Kernel | 2017-01-07 | 9.3 HIGH | 7.8 HIGH |
| The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows local users to obtain root access on non-SMEP platforms via a crafted application. NOTE: this vulnerability exists because of incorrect backporting of the CVE-2016-9178 patch to older kernels. | |||||