Total
5244 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-8031 | 1 Mcafee | 1 Anti-malware Scan Engine | 2025-04-20 | 4.4 MEDIUM | 7.3 HIGH |
| Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local users to bypass local security protection via a crafted input file. | |||||
| CVE-2016-4435 | 1 Pivotal | 1 Bosh Stemcell | 2025-04-20 | 6.8 MEDIUM | 9.0 CRITICAL |
| An endpoint of the Agent running on the BOSH Director VM with stemcell versions prior to 3232.6 and 3146.13 may allow unauthenticated clients to read or write blobs or cause a denial of service attack on the Director VM. This vulnerability requires that the unauthenticated clients guess or find a URL matching an existing GUID. | |||||
| CVE-2015-1590 | 1 Kamailio | 1 Kamailio | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. | |||||
| CVE-2015-4650 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. | |||||
| CVE-2016-8476 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940. | |||||
| CVE-2016-10120 | 1 Firejail Project | 1 Firejail | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. | |||||
| CVE-2014-7279 | 1 Kankunit | 2 Konke Smart Plug, Konke Smart Plug Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. | |||||
| CVE-2016-5007 | 2 Pivotal Software, Vmware | 3 Spring Framework, Spring Framework, Spring Security | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. | |||||
| CVE-2016-8353 | 1 Osisoft | 1 Pi Web Api 2015 R2 | 2025-04-20 | 5.5 MEDIUM | 6.4 MEDIUM |
| An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. | |||||
| CVE-2015-2560 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | |||||
| CVE-2016-8481 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000. | |||||
| CVE-2004-2778 | 1 Gentoo | 1 Portage | 2025-04-20 | 3.6 LOW | 7.1 HIGH |
| Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands. | |||||
| CVE-2015-7561 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-04-20 | 3.5 LOW | 3.1 LOW |
| Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | |||||
| CVE-2016-8228 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | |||||
| CVE-2016-6804 | 2 Apache, Microsoft | 2 Openoffice, Windows | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon. | |||||
| CVE-2016-10345 | 1 Phusion | 1 Passenger | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. | |||||
| CVE-2016-10286 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237. | |||||
| CVE-2016-9097 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2025-04-20 | 8.0 HIGH | 7.2 HIGH |
| The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. | |||||
| CVE-2016-4675 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-5856 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. | |||||