Total
5251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3051 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714. | |||||
| CVE-2015-8621 | 1 Tcoffee | 1 T-coffee | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally. | |||||
| CVE-2010-5327 | 1 Liferay | 1 Liferay Portal | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. | |||||
| CVE-2016-10323 | 1 Synology | 1 Photo Station | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Synology Photo Station before 6.3-2958 allows local users to gain privileges by leveraging setuid execution of a "synophoto_dsm_user --copy-no-ea" command. | |||||
| CVE-2014-7851 | 2 Ovirt, Redhat | 2 Ovirt, Ovirt-engine | 2025-04-20 | 6.0 MEDIUM | 7.5 HIGH |
| oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session after logout from the webadmin, which allows remote authenticated users with knowledge of another user's session data to gain that user's privileges by replacing their session token with that of another user. | |||||
| CVE-2015-3222 | 1 Ossec | 1 Ossec | 2025-04-20 | 6.9 MEDIUM | 7.0 HIGH |
| syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. | |||||
| CVE-2016-1883 | 1 Freebsd | 1 Freebsd | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The issetugid system call in the Linux compatibility layer in FreeBSD 9.3, 10.1, and 10.2 allows local users to gain privilege via unspecified vectors. | |||||
| CVE-2016-2779 | 1 Kernel | 1 Util-linux | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. | |||||
| CVE-2015-4082 | 1 Attic Project | 1 Attic | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". | |||||
| CVE-2016-10156 | 1 Systemd Project | 1 Systemd | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. This is fixed in v229. | |||||
| CVE-2016-10118 | 1 Firejail Project | 1 Firejail | 2025-04-20 | 2.1 LOW | 3.3 LOW |
| Firejail allows local users to truncate /etc/resolv.conf via a chroot command to /. | |||||
| CVE-2015-7317 | 2 Kupu Project, Plone | 2 Kupu, Plone | 2025-04-20 | 4.9 MEDIUM | 6.8 MEDIUM |
| Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. | |||||
| CVE-2014-8156 | 5 Debian, Fso-frameworkd Project, Fso-gsmd Project and 2 more | 5 Debian Linux, Fso-frameworkd, Fso-gsmd and 2 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, fsotdld, fsousaged) git master on 2015-01-19, the upstream framework.git 0.10.1 and git master on 2015-01-19, phonefsod 0.1+git20121018-1 as packaged in Debian, Ubuntu and potentially other packages, and potentially other fso modules do not properly filter D-Bus message paths, which might allow local users to cause a denial of service (dbus-daemon memory consumption), or execute arbitrary code as root by sending a crafted D-Bus message to any D-Bus system service. | |||||
| CVE-2016-8803 | 1 Huawei | 1 Fusionstorage | 2025-04-20 | 4.1 MEDIUM | 7.5 HIGH |
| The maintenance module in Huawei FusionStorage V100R003C30U1 allows attackers to create documents according to special rules to obtain the OS root privilege of FusionStorage. | |||||
| CVE-2015-7358 | 4 Ciphershed, Idrix, Microsoft and 1 more | 4 Ciphershed, Veracrypt, Windows and 1 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory. | |||||
| CVE-2016-5864 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. In another function, a missing check for a lower bound may result in an out of bounds memory access. | |||||
| CVE-2015-5682 | 1 Powerplay Gallery Project | 1 Powerplay Gallery | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable. | |||||
| CVE-2016-10372 | 1 Eir | 2 D1000 Modem, D1000 Modem Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature. | |||||
| CVE-2016-6772 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351. | |||||
| CVE-2015-3321 | 1 Lenovo | 1 Fingerprint Manager | 2025-04-20 | 7.2 HIGH | 6.7 MEDIUM |
| Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | |||||