Total
5251 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4650 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. | |||||
| CVE-2016-8476 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32879283. References: QC-CR#1091940. | |||||
| CVE-2016-10120 | 1 Firejail Project | 1 Firejail | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, (3) /var/tmp, or (4) /var/lock, which allows local users to gain privileges. | |||||
| CVE-2014-7279 | 1 Kankunit | 2 Konke Smart Plug, Konke Smart Plug Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The Konke Smart Plug K does not require authentication for TELNET sessions, which allows remote attackers to obtain "equipment management authority" via TCP traffic to port 23. | |||||
| CVE-2016-5007 | 2 Pivotal Software, Vmware | 3 Spring Framework, Spring Framework, Spring Security | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on URL pattern mappings for authorization and for mapping requests to controllers respectively. Differences in the strictness of the pattern matching mechanisms, for example with regards to space trimming in path segments, can lead Spring Security to not recognize certain paths as not protected that are in fact mapped to Spring MVC controllers that should be protected. The problem is compounded by the fact that the Spring Framework provides richer features with regards to pattern matching as well as by the fact that pattern matching in each Spring Security and the Spring Framework can easily be customized creating additional differences. | |||||
| CVE-2016-8353 | 1 Osisoft | 1 Pi Web Api 2015 R2 | 2025-04-20 | 5.5 MEDIUM | 6.4 MEDIUM |
| An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions. | |||||
| CVE-2015-2560 | 1 Zohocorp | 1 Manageengine Desktop Central | 2025-04-20 | 5.0 MEDIUM | 9.8 CRITICAL |
| Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | |||||
| CVE-2016-8481 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. References: QC-CR#1078000. | |||||
| CVE-2004-2778 | 1 Gentoo | 1 Portage | 2025-04-20 | 3.6 LOW | 7.1 HIGH |
| Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands. | |||||
| CVE-2015-7561 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-04-20 | 3.5 LOW | 3.1 LOW |
| Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image. | |||||
| CVE-2016-8228 | 1 Lenovo | 1 Lenovo Service Bridge | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. | |||||
| CVE-2016-6804 | 2 Apache, Microsoft | 2 Openoffice, Windows | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon. | |||||
| CVE-2016-10345 | 1 Phusion | 1 Passenger | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| In Phusion Passenger before 5.1.0, a known /tmp filename was used during passenger-install-nginx-module execution, which could allow local attackers to gain the privileges of the passenger user. | |||||
| CVE-2016-10286 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-35400904. References: QC-CR#1090237. | |||||
| CVE-2016-9097 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2025-04-20 | 8.0 HIGH | 7.2 HIGH |
| The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. | |||||
| CVE-2016-4675 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
| CVE-2016-5856 | 2 Google, Linux | 2 Android, Linux Kernel | 2025-04-20 | 7.6 HIGH | 7.0 HIGH |
| Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local users to gain privileges, a different vulnerability than CVE-2016-5857. | |||||
| CVE-2015-8089 | 1 Huawei | 6 P7-l00, P7-l00 Firmware, P7-l05 and 3 more | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
| The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application. | |||||
| CVE-2016-10121 | 1 Firejail Project | 1 Firejail | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Firejail uses weak permissions for /dev/shm/firejail and possibly other files, which allows local users to gain privileges. | |||||
| CVE-2016-5857 | 1 Google | 1 Android | 2025-04-20 | 6.9 MEDIUM | 7.8 HIGH |
| The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140. | |||||