Search
Total
5300 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9921 | 1 Mcafee | 1 Cloud Analysis And Deconstructive Services | 2017-03-23 | 9.7 HIGH | 9.8 CRITICAL |
| Information disclosure vulnerability in McAfee (now Intel Security) Cloud Analysis and Deconstructive Services (CADS) 1.0.0.3x, 1.0.0.4d and earlier allows remote unauthenticated users to view, add, and remove users via a configuration error. | |||||
| CVE-2015-1610 | 1 Opendaylight | 1 L2switch | 2017-03-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing." | |||||
| CVE-2016-10187 | 1 Calibre-ebook | 1 Calibre | 2017-03-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. | |||||
| CVE-2014-8708 | 1 Pluck-cms | 1 Pluck | 2017-03-20 | 7.5 HIGH | 9.8 CRITICAL |
| Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature. | |||||
| CVE-2016-8363 | 1 Moxa | 28 Awk-1121, Awk-1121 Firmware, Awk-1127 and 25 more | 2017-03-16 | 7.5 HIGH | 10.0 CRITICAL |
| An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series, AWK-3131/4131 Series, and AWK-5222/6222 Series. User is able to execute arbitrary OS commands on the server. | |||||
| CVE-2015-8994 | 1 Php | 1 Php | 2017-03-16 | 6.8 MEDIUM | 7.5 HIGH |
| An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a non-default configuration with the opcache.validate_permission=1 setting. The vulnerability details are as follows. In PHP SAPIs where PHP interpreters share a common parent process, Zend OpCache creates a shared memory object owned by the common parent during initialization. Child PHP processes inherit the SHM descriptor, using it to cache and retrieve compiled script bytecode ("opcode" in PHP jargon). Cache keys vary depending on configuration, but filename is a central key component, and compiled opcode can generally be run if a script's filename is known or can be guessed. Many common shared-hosting configurations change EUID in child processes to enforce privilege separation among hosted users (for example using mod_ruid2 for the Apache HTTP Server, or php-fpm user settings). In these scenarios, the default Zend OpCache behavior defeats script file permissions by sharing a single SHM cache among all child PHP processes. PHP scripts often contain sensitive information: Think of CMS configurations where reading or running another user's script usually means gaining privileges to the CMS database. | |||||
| CVE-2016-5374 | 1 Netapp | 1 Data Ontap | 2017-03-14 | 6.5 MEDIUM | 8.8 HIGH |
| NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry. | |||||
| CVE-2016-9871 | 1 Emc | 1 Isilon Onefs | 2017-03-14 | 9.0 HIGH | 7.2 HIGH |
| EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system. | |||||
| CVE-2016-8353 | 1 Osisoft | 1 Pi Web Api 2015 R2 | 2017-03-14 | 5.5 MEDIUM | 6.4 MEDIUM |
| An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. | |||||
| CVE-2015-2794 | 1 Dotnetnuke | 1 Dotnetnuke | 2017-03-02 | 7.5 HIGH | 9.8 CRITICAL |
| The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx. | |||||
| CVE-2016-9009 | 1 Ibm | 1 Websphere Mq | 2017-03-02 | 4.0 MEDIUM | 3.1 LOW |
| IBM WebSphere MQ 8.0 could allow an authenticated user with authority to create a cluster object to cause a denial of service to MQ clustering. IBM Reference #: 1998647. | |||||
| CVE-2016-8494 | 1 Fortinet | 1 Connect | 2017-03-01 | 6.5 MEDIUM | 7.2 HIGH |
| Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. | |||||
| CVE-2016-4043 | 1 Plone | 1 Plone | 2017-02-28 | 3.5 LOW | 4.9 MEDIUM |
| Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote authenticated users to bypass Restricted Python by leveraging permissions to create or edit templates. | |||||
| CVE-2016-4041 | 1 Plone | 1 Plone | 2017-02-27 | 7.5 HIGH | 7.3 HIGH |
| Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors. | |||||
| CVE-2016-7582 | 1 Apple | 1 Mac Os X | 2017-02-21 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2016-7583 | 1 Apple | 1 Icloud | 2017-02-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. iCloud before 6.0.1 is affected. The issue involves the setup subsystem in the "iCloud" component. It allows local users to gain privileges via a crafted dynamic library in an unspecified directory. | |||||
| CVE-2005-3179 | 1 Linux | 1 Linux Kernel | 2017-02-19 | 2.1 LOW | N/A |
| drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information. | |||||
| CVE-2016-9366 | 1 Moxa | 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more | 2017-02-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. An attacker can freely use brute force to determine parameters needed to bypass authentication. | |||||
| CVE-2016-9353 | 1 Advantech | 1 Susiaccess | 2017-02-17 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The admin password is stored in the system and is encrypted with a static key hard-coded in the program. Attackers could reverse the admin account password for use. | |||||
| CVE-2016-1880 | 1 Freebsd | 1 Freebsd | 2017-02-17 | 7.2 HIGH | 7.8 HIGH |
| The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to read portions of kernel memory and potentially gain privilege via unspecified vectors, related to "handling of Linux futex robust lists." | |||||
| CVE-2016-8357 | 1 Lynxspring | 1 Jenesys Bas Bridge | 2017-02-17 | 5.5 MEDIUM | 7.1 HIGH |
| An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 and older. A user with read-only access can send commands to the software and the application will accept those commands. This would allow an attacker with read-only access to make changes within the application. | |||||
| CVE-2016-1883 | 1 Freebsd | 1 Freebsd | 2017-02-17 | 7.2 HIGH | 7.8 HIGH |
| The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors. | |||||
| CVE-2015-8440 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2017-02-17 | 10.0 HIGH | N/A |
| Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-8409 and CVE-2015-8453. | |||||
| CVE-2016-8659 | 1 Bubblewrap Project | 1 Bubblewrap | 2017-02-16 | 6.9 MEDIUM | 7.0 HIGH |
| Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might allow local users to gain privileges by attaching to the process, as demonstrated by sending commands to a PrivSep socket. | |||||
| CVE-2016-5934 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2017-02-15 | 6.9 MEDIUM | 7.3 HIGH |
| IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to run arbitrary code on the system with privileges of the victim. | |||||
| CVE-2016-10150 | 1 Linux | 1 Linux Kernel | 2017-02-09 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device. | |||||
| CVE-2016-6028 | 1 Ibm | 1 Rational Collaborative Lifecycle Management | 2017-02-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Jazz technology based products might allow an attacker to view work item titles that they do not have privilege to view. | |||||
| CVE-2016-9403 | 1 Mybb | 2 Merge System, Mybb | 2017-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to have unspecified impact by leveraging a missing permission check. | |||||
| CVE-2016-5720 | 1 Microsoft | 1 Skype | 2017-02-01 | 7.2 HIGH | 7.8 HIGH |
| Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory. | |||||
| CVE-2016-5876 | 1 Owncloud | 1 Owncloud | 2017-02-01 | 4.3 MEDIUM | 5.9 MEDIUM |
| ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request. | |||||
| CVE-2016-6527 | 1 Samsung | 1 Samsung Mobile | 2017-01-27 | 9.3 HIGH | 7.8 HIGH |
| The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. | |||||
| CVE-2016-6526 | 1 Samsung | 1 Samsung Mobile | 2017-01-27 | 9.3 HIGH | 7.8 HIGH |
| The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. | |||||
| CVE-2016-9012 | 1 Arista | 1 Cloudvision Portal | 2017-01-26 | 6.5 MEDIUM | 8.8 HIGH |
| CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle. | |||||
| CVE-2016-4340 | 1 Gitlab | 1 Gitlab | 2017-01-25 | 6.5 MEDIUM | 8.8 HIGH |
| The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors. | |||||
| CVE-2016-8458 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31968442. | |||||
| CVE-2016-8457 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219453. References: B-RB#106116. | |||||
| CVE-2016-8456 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32219255. References: B-RB#105580. | |||||
| CVE-2016-8455 | 1 Linux | 1 Linux Kernel | 2017-01-24 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-32219121. References: B-RB#106311. | |||||
| CVE-2016-8445 | 1 Google | 1 Android | 2017-01-24 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. References: MT-ALPS02968983. | |||||
| CVE-2016-10086 | 5 Ca, Ibm, Linux and 2 more | 6 Service Desk Management, Service Desk Manager, Aix and 3 more | 2017-01-20 | 5.5 MEDIUM | 8.1 HIGH |
| RESTful web services in CA Service Desk Manager 12.9 and CA Service Desk Management 14.1 might allow remote authenticated users to read or modify task information by leveraging incorrect permissions applied to a RESTful request. | |||||
| CVE-2014-9909 | 1 Google | 1 Android | 2017-01-20 | 9.3 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684. | |||||
| CVE-2014-9910 | 1 Google | 1 Android | 2017-01-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31746399. References: B-RB#26710. | |||||
| CVE-2016-6772 | 1 Google | 1 Android | 2017-01-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351. | |||||
| CVE-2016-6762 | 1 Google | 1 Android | 2017-01-19 | 6.8 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability in the libziparchive library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31251826. | |||||
| CVE-2016-8221 | 1 Lenovo | 1 Xclarity Administrator | 2017-01-19 | 1.9 LOW | 7.0 HIGH |
| Privilege Escalation in Lenovo XClarity Administrator earlier than 1.2.0, if LXCA is used to manage rack switches or chassis with embedded input/output modules (IOMs), certain log files viewable by authenticated users may contain passwords for internal administrative LXCA accounts with temporary passwords that are used internally by LXCA code. | |||||
| CVE-2016-6788 | 1 Google | 1 Android | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. References: MT-ALPS02943467. | |||||
| CVE-2016-8451 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Synaptics touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.4. Android ID: A-32178033. | |||||
| CVE-2016-8448 | 1 Google | 1 Android | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31791148. References: MT-ALPS02982181. | |||||
| CVE-2016-8432 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32447738. References: N-CVE-2016-8432. | |||||
| CVE-2016-8464 | 1 Linux | 1 Linux Kernel | 2017-01-18 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-29000183. References: B-RB#106314. | |||||